Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for ideapad_1-11igl05_firmware by lenovo

    CVE-2023-4028 (GCVE-0-2023-4028)

    Vulnerability from nvd – Published: 2023-08-17 16:48 – Updated: 2024-10-08 13:50
    VLAI
    Summary
    A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo Lenovo Notebook Affected: various
    Create a notification for this product.
    lenovo ideapad_flex_5_16iau7 Affected: 0
        cpe:2.3:h:lenovo:ideapad_flex_5_16iau7:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_flex_5_16iru8 Affected: 0
        cpe:2.3:h:lenovo:ideapad_flex_5_16iru8:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo 13w_yoga Affected: 82s1
    Affected: 82s2
        cpe:2.3:h:lenovo:13w_yoga:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo 13w_yoga_gen_2 Affected: 82yr
    Affected: 82y2
        cpe:2.3:h:lenovo:13w_yoga_gen_2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_5-14alc05 Affected: 0
        cpe:2.3:h:lenovo:ideapad_5-14alc05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_5-15alc05 Affected: 0
        cpe:2.3:h:lenovo:ideapad_5-15alc05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo flex_5-14are05 Affected: 0
        cpe:2.3:h:lenovo:flex_5-14are05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo flex_5-14iil05 Affected: 0
        cpe:2.3:h:lenovo:flex_5-14iil05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo flex_5-14itl05 Affected: 0
        cpe:2.3:h:lenovo:flex_5-14itl05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo flex_5-15alc05 Affected: 0
        cpe:2.3:h:lenovo:flex_5-15alc05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo flex_5-15iil05 Affected: 0
        cpe:2.3:h:lenovo:flex_5-15iil05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo flex_5-15itl05 Affected: 0
        cpe:2.3:h:lenovo:flex_5-15itl05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_1-11ada05 Affected: 0
        cpe:2.3:h:lenovo:ideapad_1-11ada05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_1-11igl05 Affected: 0
        cpe:2.3:h:lenovo:ideapad_1-11igl05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_1-14ada05 Affected: 0
        cpe:2.3:h:lenovo:ideapad_1-14ada05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_1-14igl05 Affected: 0
        cpe:2.3:h:lenovo:ideapad_1-14igl05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_flex_5_14abr8 Affected: 0
        cpe:2.3:h:lenovo:ideapad_flex_5_14abr8:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_flex_5_14alc7 Affected: 0
        cpe:2.3:h:lenovo:ideapad_flex_5_14alc7:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_flex_5_14iau7 Affected: 0
        cpe:2.3:h:lenovo:ideapad_flex_5_14iau7:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_flex_5_14iru8 Affected: 0
        cpe:2.3:h:lenovo:ideapad_flex_5_14iru8:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_flex_5_16abr8 Affected: 0
        cpe:2.3:h:lenovo:ideapad_flex_5_16abr8:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_flex_5_16alc7 Affected: 0
        cpe:2.3:h:lenovo:ideapad_flex_5_16alc7:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo flex_7_14iau7_firmware Affected: 0
        cpe:2.3:o:lenovo:flex_7_14iau7_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo flex_7_14iru8 Affected: 0
        cpe:2.3:h:lenovo:flex_7_14iru8:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo thinkbook_13s_g2_are Affected: 0
        cpe:2.3:h:lenovo:thinkbook_13s_g2_are:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo thinkbook_13s_g2_itl Affected: 0
        cpe:2.3:h:lenovo:thinkbook_13s_g2_itl:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo thinkbook_13s_g3_acn Affected: 0
        cpe:2.3:h:lenovo:thinkbook_13s_g3_acn:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo thinkbook_13s_g4_iap Affected: 0
        cpe:2.3:h:lenovo:thinkbook_13s_g4_iap:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo thinkbook_13x_g2_iap Affected: 0
        cpe:2.3:h:lenovo:thinkbook_13x_g2_iap:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo thinkbook_14s_g2_itl Affected: 0
        cpe:2.3:h:lenovo:thinkbook_14s_g2_itl:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo yoga_9-15imh5 Affected: 0
        cpe:2.3:h:lenovo:yoga_9-15imh5:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:17:11.498Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_flex_5_16iau7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_flex_5_16iau7",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_flex_5_16iru8:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_flex_5_16iru8",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:13w_yoga:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "13w_yoga",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "82s1"
                  },
                  {
                    "status": "affected",
                    "version": "82s2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:13w_yoga_gen_2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "13w_yoga_gen_2",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "82yr"
                  },
                  {
                    "status": "affected",
                    "version": "82y2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_5-14alc05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_5-14alc05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_5-15alc05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_5-15alc05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:flex_5-14are05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flex_5-14are05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:flex_5-14iil05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flex_5-14iil05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:flex_5-14itl05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flex_5-14itl05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:flex_5-15alc05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flex_5-15alc05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:flex_5-15iil05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flex_5-15iil05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:flex_5-15itl05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flex_5-15itl05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_1-11ada05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_1-11ada05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_1-11igl05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_1-11igl05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_1-14ada05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_1-14ada05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_1-14igl05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_1-14igl05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_flex_5_14abr8:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_flex_5_14abr8",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_flex_5_14alc7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_flex_5_14alc7",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_flex_5_14iau7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_flex_5_14iau7",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_flex_5_14iru8:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_flex_5_14iru8",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_flex_5_16abr8:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_flex_5_16abr8",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_flex_5_16alc7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_flex_5_16alc7",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:lenovo:flex_7_14iau7_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flex_7_14iau7_firmware",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:flex_7_14iru8:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flex_7_14iru8",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:thinkbook_13s_g2_are:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "thinkbook_13s_g2_are",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:thinkbook_13s_g2_itl:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "thinkbook_13s_g2_itl",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:thinkbook_13s_g3_acn:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "thinkbook_13s_g3_acn",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:thinkbook_13s_g4_iap:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "thinkbook_13s_g4_iap",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:thinkbook_13x_g2_iap:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "thinkbook_13x_g2_iap",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:thinkbook_14s_g2_itl:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "thinkbook_14s_g2_itl",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:yoga_9-15imh5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "yoga_9-15imh5",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4028",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T13:16:57.654067Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T13:50:36.650Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Lenovo Notebook",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
                }
              ],
              "value": "A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-17T16:48:06.884Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
                }
              ],
              "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2023-4028",
        "datePublished": "2023-08-17T16:48:06.884Z",
        "dateReserved": "2023-07-31T16:44:11.696Z",
        "dateUpdated": "2024-10-08T13:50:36.650Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1892 (GCVE-0-2022-1892)

    Vulnerability from nvd – Published: 2023-01-23 15:31 – Updated: 2025-04-02 14:37
    VLAI
    Summary
    A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo BIOS Affected: various
    Create a notification for this product.
    Credits
    Lenovo thanks Martin Smolár from ESET for reporting these issues.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:17:00.914Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-91369"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1892",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T14:36:42.939310Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-02T14:37:24.386Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BIOS",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Lenovo thanks Martin Smol\u00e1r from ESET for reporting these issues."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code."
                }
              ],
              "value": "A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-26T06:03:10.975Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-91369"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-91369\u003cbr\u003e"
                }
              ],
              "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-91369\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2022-1892",
        "datePublished": "2023-01-23T15:31:19.243Z",
        "dateReserved": "2022-05-25T20:29:39.456Z",
        "dateUpdated": "2025-04-02T14:37:24.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3614 (GCVE-0-2021-3614)

    Vulnerability from nvd – Published: 2021-07-16 20:30 – Updated: 2024-08-03 17:01
    VLAI
    Summary
    A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.
    CWE
    • CWE-636 - Not Failing Securely ('Failing Open')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Notebook BIOS Affected: various
    Create a notification for this product.
    Credits
    Lenovo thanks Tim Boyd, NCC Group for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:01:07.203Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Notebook BIOS",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Tim Boyd, NCC Group for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-636",
                  "description": "CWE-636 Not Failing Securely (\u0027Failing Open\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T20:30:20.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."
            }
          ],
          "source": {
            "advisory": "LEN-65529",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2021-3614",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Notebook BIOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Tim Boyd, NCC Group for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-636 Not Failing Securely (\u0027Failing Open\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-65529",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."
              }
            ],
            "source": {
              "advisory": "LEN-65529",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2021-3614",
        "datePublished": "2021-07-16T20:30:20.000Z",
        "dateReserved": "2021-06-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:01:07.203Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3453 (GCVE-0-2021-3453)

    Vulnerability from nvd – Published: 2021-07-16 20:30 – Updated: 2025-12-16 17:56
    VLAI
    Summary
    Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo BIOS Affected: various
    Create a notification for this product.
    Credits
    Lenovo thanks Binarly efiXplorer team for reporting these issues.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:53:17.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3453",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-16T17:55:59.636899Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-16T17:56:22.882Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIOS",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Binarly efiXplorer team for reporting these issues."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693 Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T20:30:17.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."
            }
          ],
          "source": {
            "advisory": "LEN-65529",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2021-3453",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Binarly efiXplorer team for reporting these issues."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-693 Protection Mechanism Failure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-65529",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."
              }
            ],
            "source": {
              "advisory": "LEN-65529",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2021-3453",
        "datePublished": "2021-07-16T20:30:17.000Z",
        "dateReserved": "2021-03-19T00:00:00.000Z",
        "dateUpdated": "2025-12-16T17:56:22.882Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4028 (GCVE-0-2023-4028)

    Vulnerability from cvelistv5 – Published: 2023-08-17 16:48 – Updated: 2024-10-08 13:50
    VLAI
    Summary
    A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo Lenovo Notebook Affected: various
    Create a notification for this product.
    lenovo ideapad_flex_5_16iau7 Affected: 0
        cpe:2.3:h:lenovo:ideapad_flex_5_16iau7:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_flex_5_16iru8 Affected: 0
        cpe:2.3:h:lenovo:ideapad_flex_5_16iru8:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo 13w_yoga Affected: 82s1
    Affected: 82s2
        cpe:2.3:h:lenovo:13w_yoga:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo 13w_yoga_gen_2 Affected: 82yr
    Affected: 82y2
        cpe:2.3:h:lenovo:13w_yoga_gen_2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_5-14alc05 Affected: 0
        cpe:2.3:h:lenovo:ideapad_5-14alc05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_5-15alc05 Affected: 0
        cpe:2.3:h:lenovo:ideapad_5-15alc05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo flex_5-14are05 Affected: 0
        cpe:2.3:h:lenovo:flex_5-14are05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo flex_5-14iil05 Affected: 0
        cpe:2.3:h:lenovo:flex_5-14iil05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo flex_5-14itl05 Affected: 0
        cpe:2.3:h:lenovo:flex_5-14itl05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo flex_5-15alc05 Affected: 0
        cpe:2.3:h:lenovo:flex_5-15alc05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo flex_5-15iil05 Affected: 0
        cpe:2.3:h:lenovo:flex_5-15iil05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo flex_5-15itl05 Affected: 0
        cpe:2.3:h:lenovo:flex_5-15itl05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_1-11ada05 Affected: 0
        cpe:2.3:h:lenovo:ideapad_1-11ada05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_1-11igl05 Affected: 0
        cpe:2.3:h:lenovo:ideapad_1-11igl05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_1-14ada05 Affected: 0
        cpe:2.3:h:lenovo:ideapad_1-14ada05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_1-14igl05 Affected: 0
        cpe:2.3:h:lenovo:ideapad_1-14igl05:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_flex_5_14abr8 Affected: 0
        cpe:2.3:h:lenovo:ideapad_flex_5_14abr8:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_flex_5_14alc7 Affected: 0
        cpe:2.3:h:lenovo:ideapad_flex_5_14alc7:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_flex_5_14iau7 Affected: 0
        cpe:2.3:h:lenovo:ideapad_flex_5_14iau7:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_flex_5_14iru8 Affected: 0
        cpe:2.3:h:lenovo:ideapad_flex_5_14iru8:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_flex_5_16abr8 Affected: 0
        cpe:2.3:h:lenovo:ideapad_flex_5_16abr8:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo ideapad_flex_5_16alc7 Affected: 0
        cpe:2.3:h:lenovo:ideapad_flex_5_16alc7:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo flex_7_14iau7_firmware Affected: 0
        cpe:2.3:o:lenovo:flex_7_14iau7_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo flex_7_14iru8 Affected: 0
        cpe:2.3:h:lenovo:flex_7_14iru8:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo thinkbook_13s_g2_are Affected: 0
        cpe:2.3:h:lenovo:thinkbook_13s_g2_are:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo thinkbook_13s_g2_itl Affected: 0
        cpe:2.3:h:lenovo:thinkbook_13s_g2_itl:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo thinkbook_13s_g3_acn Affected: 0
        cpe:2.3:h:lenovo:thinkbook_13s_g3_acn:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo thinkbook_13s_g4_iap Affected: 0
        cpe:2.3:h:lenovo:thinkbook_13s_g4_iap:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo thinkbook_13x_g2_iap Affected: 0
        cpe:2.3:h:lenovo:thinkbook_13x_g2_iap:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo thinkbook_14s_g2_itl Affected: 0
        cpe:2.3:h:lenovo:thinkbook_14s_g2_itl:-:*:*:*:*:*:*:*
    Create a notification for this product.
    lenovo yoga_9-15imh5 Affected: 0
        cpe:2.3:h:lenovo:yoga_9-15imh5:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:17:11.498Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_flex_5_16iau7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_flex_5_16iau7",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_flex_5_16iru8:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_flex_5_16iru8",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:13w_yoga:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "13w_yoga",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "82s1"
                  },
                  {
                    "status": "affected",
                    "version": "82s2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:13w_yoga_gen_2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "13w_yoga_gen_2",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "82yr"
                  },
                  {
                    "status": "affected",
                    "version": "82y2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_5-14alc05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_5-14alc05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_5-15alc05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_5-15alc05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:flex_5-14are05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flex_5-14are05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:flex_5-14iil05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flex_5-14iil05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:flex_5-14itl05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flex_5-14itl05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:flex_5-15alc05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flex_5-15alc05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:flex_5-15iil05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flex_5-15iil05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:flex_5-15itl05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flex_5-15itl05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_1-11ada05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_1-11ada05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_1-11igl05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_1-11igl05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_1-14ada05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_1-14ada05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_1-14igl05:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_1-14igl05",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_flex_5_14abr8:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_flex_5_14abr8",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_flex_5_14alc7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_flex_5_14alc7",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_flex_5_14iau7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_flex_5_14iau7",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_flex_5_14iru8:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_flex_5_14iru8",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_flex_5_16abr8:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_flex_5_16abr8",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_flex_5_16alc7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_flex_5_16alc7",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:lenovo:flex_7_14iau7_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flex_7_14iau7_firmware",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:flex_7_14iru8:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flex_7_14iru8",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:thinkbook_13s_g2_are:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "thinkbook_13s_g2_are",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:thinkbook_13s_g2_itl:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "thinkbook_13s_g2_itl",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:thinkbook_13s_g3_acn:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "thinkbook_13s_g3_acn",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:thinkbook_13s_g4_iap:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "thinkbook_13s_g4_iap",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:thinkbook_13x_g2_iap:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "thinkbook_13x_g2_iap",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:thinkbook_14s_g2_itl:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "thinkbook_14s_g2_itl",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:yoga_9-15imh5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "yoga_9-15imh5",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4028",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T13:16:57.654067Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T13:50:36.650Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Lenovo Notebook",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
                }
              ],
              "value": "A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-17T16:48:06.884Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
                }
              ],
              "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2023-4028",
        "datePublished": "2023-08-17T16:48:06.884Z",
        "dateReserved": "2023-07-31T16:44:11.696Z",
        "dateUpdated": "2024-10-08T13:50:36.650Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1892 (GCVE-0-2022-1892)

    Vulnerability from cvelistv5 – Published: 2023-01-23 15:31 – Updated: 2025-04-02 14:37
    VLAI
    Summary
    A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo BIOS Affected: various
    Create a notification for this product.
    Credits
    Lenovo thanks Martin Smolár from ESET for reporting these issues.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:17:00.914Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-91369"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1892",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T14:36:42.939310Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-02T14:37:24.386Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BIOS",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Lenovo thanks Martin Smol\u00e1r from ESET for reporting these issues."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code."
                }
              ],
              "value": "A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-26T06:03:10.975Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-91369"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-91369\u003cbr\u003e"
                }
              ],
              "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-91369\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2022-1892",
        "datePublished": "2023-01-23T15:31:19.243Z",
        "dateReserved": "2022-05-25T20:29:39.456Z",
        "dateUpdated": "2025-04-02T14:37:24.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3614 (GCVE-0-2021-3614)

    Vulnerability from cvelistv5 – Published: 2021-07-16 20:30 – Updated: 2024-08-03 17:01
    VLAI
    Summary
    A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.
    CWE
    • CWE-636 - Not Failing Securely ('Failing Open')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Notebook BIOS Affected: various
    Create a notification for this product.
    Credits
    Lenovo thanks Tim Boyd, NCC Group for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:01:07.203Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Notebook BIOS",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Tim Boyd, NCC Group for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-636",
                  "description": "CWE-636 Not Failing Securely (\u0027Failing Open\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T20:30:20.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."
            }
          ],
          "source": {
            "advisory": "LEN-65529",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2021-3614",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Notebook BIOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Tim Boyd, NCC Group for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-636 Not Failing Securely (\u0027Failing Open\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-65529",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."
              }
            ],
            "source": {
              "advisory": "LEN-65529",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2021-3614",
        "datePublished": "2021-07-16T20:30:20.000Z",
        "dateReserved": "2021-06-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:01:07.203Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3453 (GCVE-0-2021-3453)

    Vulnerability from cvelistv5 – Published: 2021-07-16 20:30 – Updated: 2025-12-16 17:56
    VLAI
    Summary
    Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo BIOS Affected: various
    Create a notification for this product.
    Credits
    Lenovo thanks Binarly efiXplorer team for reporting these issues.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:53:17.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3453",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-16T17:55:59.636899Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-16T17:56:22.882Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIOS",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Binarly efiXplorer team for reporting these issues."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693 Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T20:30:17.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."
            }
          ],
          "source": {
            "advisory": "LEN-65529",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2021-3453",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Binarly efiXplorer team for reporting these issues."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-693 Protection Mechanism Failure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-65529",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."
              }
            ],
            "source": {
              "advisory": "LEN-65529",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2021-3453",
        "datePublished": "2021-07-16T20:30:17.000Z",
        "dateReserved": "2021-03-19T00:00:00.000Z",
        "dateUpdated": "2025-12-16T17:56:22.882Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }