Thinkpad

This hub aggregates every CVE we track for Thinkpad, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 7 most recently published vulnerabilities affecting Thinkpad.

• CVE-2023-4030A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.8.4Aug 17, 2023
• CVE-2023-4029A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.6.7Aug 17, 2023
• CVE-2023-2290A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.6.4Jun 26, 2023
• CVE-2020-8341In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range ...2.4Sep 1, 2020
• CVE-2019-6172A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution.6.4Nov 12, 2019
• CVE-2019-6170A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.6.4Nov 12, 2019
• CVE-2007-1307Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.10.0Mar 7, 2007