Lenovo thinksystem sr635
This hub aggregates every CVE we track for Lenovo thinksystem sr635, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.
11
CVEs tracked
0
Critical
5
High
0
In CISA KEV
Severity distribution
HIGH5MEDIUM5LOW1
Monthly trend
0
0
0
0
0
2
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
2024-072026-06
Latest CVEs
The 11 most recently published vulnerabilities affecting Lenovo thinksystem sr635.
- CVE-2024-21944Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root o...5.3
- CVE-CVE-2024-21944Уязвимость микропрограммного обеспечения процессоров безопасности AMD Secure Processor (ASP), связанная с неправильной проверкой входных данных, позволяющая нарушителю повысить свои привилегия5.3
- CVE-2024-33056Buffer Over-read in MProc8.4
- CVE-2024-33044Improper Validation of Array Index in Hypervisor8.4
- CVE-2023-20532Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service. 5.3
- CVE-2023-20531Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service. 7.5
- CVE-2023-20530Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service. 7.5
- CVE-2023-20529Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service. 7.5
- CVE-2023-20528Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality. 2.4
- CVE-2023-20527Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service. 6.5
- CVE-2023-20525Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service. 6.5
Product normalization is registry-driven with AI assist and human review. How it works