Thinkpad bios
This hub aggregates every CVE we track for Thinkpad bios, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.
10
CVEs tracked
0
Critical
0
High
0
In CISA KEV
Severity distribution
MEDIUM10
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 10 most recently published vulnerabilities affecting Thinkpad bios.
- CVE-2023-5078A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.6.7
- CVE-2022-4575 A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges th...6.7
- CVE-2022-48189An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. 6.7
- CVE-2022-4574 An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. 6.7
- CVE-2022-1108A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated ...6.7
- CVE-2022-1107During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attack...6.7
- CVE-2021-3843A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.6.7
- CVE-2021-3718A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.4.3
- CVE-2021-3599A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.6.7
- CVE-2021-3452A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.6.7
Product normalization is registry-driven with AI assist and human review. How it works