Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
lenovo

bios

3 Versions 32 CVEs

Versions

0

SINGLE_NUMBER 1 CVE

unspecified

OTHER 2 CVEs

various

OTHER 30 CVEs

Recent CVEs

CVE-2020-8333

A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution

MEDIUM Sep 24, 2020

CVE-2020-8336

Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.

MEDIUM Jun 09, 2020

CVE-2020-8334

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.

MEDIUM Jun 09, 2020

CVE-2020-8323

A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.

MEDIUM Jun 09, 2020

CVE-2020-8322

A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.

MEDIUM Jun 09, 2020

CVE-2020-8321

A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.

MEDIUM Jun 09, 2020

CVE-2020-8320

An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.

MEDIUM Jun 09, 2020

CVE-2019-6190

Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled.

MEDIUM Feb 14, 2020

CVE-2019-6171

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.

MEDIUM Aug 19, 2019

CVE-2019-6156

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.

UNKNOWN Apr 10, 2019