Thinkpad 13e BIOS
by Lenovo
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3756 | Hig | 0.51 | 7.8 | 0.00 | Aug 18, 2017 | A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path. | ||
| CVE-2016-8222 | Med | 0.29 | 4.4 | 0.00 | Nov 30, 2016 | A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow… | ||
| CVE-2026-0940 | 0.00 | — | 0.00 | Mar 11, 2026 | A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code. | |||
| CVE-2023-5078 | 0.00 | — | 0.00 | Nov 8, 2023 | A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware. | |||
| CVE-2022-4575 | 0.00 | — | 0.00 | Oct 30, 2023 | A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot. | |||
| CVE-2022-48189 | 0.00 | — | 0.00 | Oct 30, 2023 | An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | |||
| CVE-2022-4574 | 0.00 | — | 0.00 | Oct 30, 2023 | An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | |||
| CVE-2022-1108 | 0.00 | — | 0.00 | Apr 22, 2022 | A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code. | |||
| CVE-2022-1107 | 0.00 | — | 0.00 | Apr 22, 2022 | During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code. | |||
| CVE-2021-3843 | 0.00 | — | 0.00 | Nov 12, 2021 | A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. | |||
| CVE-2021-3718 | 0.00 | — | 0.00 | Nov 12, 2021 | A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS. | |||
| CVE-2021-3599 | 0.00 | — | 0.00 | Nov 12, 2021 | A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. | |||
| CVE-2021-3452 | 0.00 | — | 0.00 | Jul 16, 2021 | A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. | |||
| CVE-2020-8335 | 0.00 | — | 0.00 | Sep 1, 2020 | The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may… |
- risk 0.51cvss 7.8epss 0.00
A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.
- risk 0.29cvss 4.4epss 0.00
A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow…
- CVE-2026-0940Mar 11, 2026risk 0.00cvss —epss 0.00
A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code.
- CVE-2023-5078Nov 8, 2023risk 0.00cvss —epss 0.00
A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.
- CVE-2022-4575Oct 30, 2023risk 0.00cvss —epss 0.00
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.
- CVE-2022-48189Oct 30, 2023risk 0.00cvss —epss 0.00
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
- CVE-2022-4574Oct 30, 2023risk 0.00cvss —epss 0.00
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
- CVE-2022-1108Apr 22, 2022risk 0.00cvss —epss 0.00
A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.
- CVE-2022-1107Apr 22, 2022risk 0.00cvss —epss 0.00
During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.
- CVE-2021-3843Nov 12, 2021risk 0.00cvss —epss 0.00
A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
- CVE-2021-3718Nov 12, 2021risk 0.00cvss —epss 0.00
A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.
- CVE-2021-3599Nov 12, 2021risk 0.00cvss —epss 0.00
A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
- CVE-2021-3452Jul 16, 2021risk 0.00cvss —epss 0.00
A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
- CVE-2020-8335Sep 1, 2020risk 0.00cvss —epss 0.00
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may…