Search criteria
8 vulnerabilities found for ideapad_1-11igl05_firmware by lenovo
CVE-2023-4028 (GCVE-0-2023-4028)
Vulnerability from nvd – Published: 2023-08-17 16:48 – Updated: 2024-10-08 13:50
VLAI?
Summary
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
Severity ?
6.7 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Lenovo Notebook |
Affected:
various
|
Credits
Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_16iau7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_16iau7",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_16iru8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_16iru8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:13w_yoga:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "13w_yoga",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "82s1"
},
{
"status": "affected",
"version": "82s2"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:13w_yoga_gen_2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "13w_yoga_gen_2",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "82yr"
},
{
"status": "affected",
"version": "82y2"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_5-14alc05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_5-14alc05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_5-15alc05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_5-15alc05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-14are05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-14are05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-14iil05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-14iil05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-14itl05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-14itl05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-15alc05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-15alc05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-15iil05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-15iil05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-15itl05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-15itl05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_1-11ada05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_1-11ada05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_1-11igl05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_1-11igl05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_1-14ada05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_1-14ada05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_1-14igl05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_1-14igl05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_14abr8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_14abr8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_14alc7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_14alc7",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_14iau7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_14iau7",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_14iru8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_14iru8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_16abr8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_16abr8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_16alc7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_16alc7",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:flex_7_14iau7_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_7_14iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_7_14iru8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_7_14iru8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13s_g2_are:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13s_g2_are",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13s_g2_itl:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13s_g2_itl",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13s_g3_acn:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13s_g3_acn",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13s_g4_iap:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13s_g4_iap",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13x_g2_iap:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13x_g2_iap",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_14s_g2_itl:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_14s_g2_itl",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:yoga_9-15imh5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yoga_9-15imh5",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4028",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T13:16:57.654067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T13:50:36.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Lenovo Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"value": "A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T16:48:06.884Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2023-4028",
"datePublished": "2023-08-17T16:48:06.884Z",
"dateReserved": "2023-07-31T16:44:11.696Z",
"dateUpdated": "2024-10-08T13:50:36.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1892 (GCVE-0-2022-1892)
Vulnerability from nvd – Published: 2023-01-23 15:31 – Updated: 2025-04-02 14:37
VLAI?
Summary
A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
Severity ?
6.7 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Credits
Lenovo thanks Martin Smolár from ESET for reporting these issues.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-91369"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T14:36:42.939310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T14:37:24.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIOS",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lenovo thanks Martin Smol\u00e1r from ESET for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code."
}
],
"value": "A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-26T06:03:10.975Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-91369"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-91369\u003cbr\u003e"
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-91369\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-1892",
"datePublished": "2023-01-23T15:31:19.243Z",
"dateReserved": "2022-05-25T20:29:39.456Z",
"dateUpdated": "2025-04-02T14:37:24.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3614 (GCVE-0-2021-3614)
Vulnerability from nvd – Published: 2021-07-16 20:30 – Updated: 2024-08-03 17:01
VLAI?
Summary
A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.
Severity ?
6.4 (Medium)
CWE
- CWE-636 - Not Failing Securely ('Failing Open')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Notebook BIOS |
Affected:
various
|
Credits
Lenovo thanks Tim Boyd, NCC Group for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Notebook BIOS",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Tim Boyd, NCC Group for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-636",
"description": "CWE-636 Not Failing Securely (\u0027Failing Open\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T20:30:20",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
}
],
"solutions": [
{
"lang": "en",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."
}
],
"source": {
"advisory": "LEN-65529",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Notebook BIOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Tim Boyd, NCC Group for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-636 Not Failing Securely (\u0027Failing Open\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-65529",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."
}
],
"source": {
"advisory": "LEN-65529",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3614",
"datePublished": "2021-07-16T20:30:20",
"dateReserved": "2021-06-23T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3453 (GCVE-0-2021-3453)
Vulnerability from nvd – Published: 2021-07-16 20:30 – Updated: 2025-12-16 17:56
VLAI?
Summary
Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.
Severity ?
6.8 (Medium)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Lenovo thanks Binarly efiXplorer team for reporting these issues.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-3453",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T17:55:59.636899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T17:56:22.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BIOS",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Binarly efiXplorer team for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T20:30:17.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
}
],
"solutions": [
{
"lang": "en",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."
}
],
"source": {
"advisory": "LEN-65529",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Binarly efiXplorer team for reporting these issues."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693 Protection Mechanism Failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-65529",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."
}
],
"source": {
"advisory": "LEN-65529",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3453",
"datePublished": "2021-07-16T20:30:17.000Z",
"dateReserved": "2021-03-19T00:00:00.000Z",
"dateUpdated": "2025-12-16T17:56:22.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-4028 (GCVE-0-2023-4028)
Vulnerability from cvelistv5 – Published: 2023-08-17 16:48 – Updated: 2024-10-08 13:50
VLAI?
Summary
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
Severity ?
6.7 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Lenovo Notebook |
Affected:
various
|
Credits
Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_16iau7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_16iau7",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_16iru8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_16iru8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:13w_yoga:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "13w_yoga",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "82s1"
},
{
"status": "affected",
"version": "82s2"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:13w_yoga_gen_2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "13w_yoga_gen_2",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "82yr"
},
{
"status": "affected",
"version": "82y2"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_5-14alc05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_5-14alc05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_5-15alc05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_5-15alc05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-14are05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-14are05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-14iil05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-14iil05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-14itl05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-14itl05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-15alc05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-15alc05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-15iil05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-15iil05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-15itl05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-15itl05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_1-11ada05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_1-11ada05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_1-11igl05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_1-11igl05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_1-14ada05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_1-14ada05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_1-14igl05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_1-14igl05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_14abr8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_14abr8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_14alc7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_14alc7",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_14iau7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_14iau7",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_14iru8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_14iru8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_16abr8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_16abr8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_16alc7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_16alc7",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:flex_7_14iau7_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_7_14iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_7_14iru8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_7_14iru8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13s_g2_are:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13s_g2_are",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13s_g2_itl:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13s_g2_itl",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13s_g3_acn:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13s_g3_acn",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13s_g4_iap:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13s_g4_iap",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13x_g2_iap:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13x_g2_iap",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_14s_g2_itl:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_14s_g2_itl",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:yoga_9-15imh5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yoga_9-15imh5",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4028",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T13:16:57.654067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T13:50:36.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Lenovo Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"value": "A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T16:48:06.884Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2023-4028",
"datePublished": "2023-08-17T16:48:06.884Z",
"dateReserved": "2023-07-31T16:44:11.696Z",
"dateUpdated": "2024-10-08T13:50:36.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1892 (GCVE-0-2022-1892)
Vulnerability from cvelistv5 – Published: 2023-01-23 15:31 – Updated: 2025-04-02 14:37
VLAI?
Summary
A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
Severity ?
6.7 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Credits
Lenovo thanks Martin Smolár from ESET for reporting these issues.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-91369"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T14:36:42.939310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T14:37:24.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIOS",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lenovo thanks Martin Smol\u00e1r from ESET for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code."
}
],
"value": "A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-26T06:03:10.975Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-91369"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-91369\u003cbr\u003e"
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-91369\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-1892",
"datePublished": "2023-01-23T15:31:19.243Z",
"dateReserved": "2022-05-25T20:29:39.456Z",
"dateUpdated": "2025-04-02T14:37:24.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3614 (GCVE-0-2021-3614)
Vulnerability from cvelistv5 – Published: 2021-07-16 20:30 – Updated: 2024-08-03 17:01
VLAI?
Summary
A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.
Severity ?
6.4 (Medium)
CWE
- CWE-636 - Not Failing Securely ('Failing Open')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Notebook BIOS |
Affected:
various
|
Credits
Lenovo thanks Tim Boyd, NCC Group for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Notebook BIOS",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Tim Boyd, NCC Group for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-636",
"description": "CWE-636 Not Failing Securely (\u0027Failing Open\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T20:30:20",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
}
],
"solutions": [
{
"lang": "en",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."
}
],
"source": {
"advisory": "LEN-65529",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Notebook BIOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Tim Boyd, NCC Group for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-636 Not Failing Securely (\u0027Failing Open\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-65529",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."
}
],
"source": {
"advisory": "LEN-65529",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3614",
"datePublished": "2021-07-16T20:30:20",
"dateReserved": "2021-06-23T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3453 (GCVE-0-2021-3453)
Vulnerability from cvelistv5 – Published: 2021-07-16 20:30 – Updated: 2025-12-16 17:56
VLAI?
Summary
Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.
Severity ?
6.8 (Medium)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Lenovo thanks Binarly efiXplorer team for reporting these issues.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-3453",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T17:55:59.636899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T17:56:22.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BIOS",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Binarly efiXplorer team for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T20:30:17.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
}
],
"solutions": [
{
"lang": "en",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."
}
],
"source": {
"advisory": "LEN-65529",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Binarly efiXplorer team for reporting these issues."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693 Protection Mechanism Failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-65529",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-65529"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."
}
],
"source": {
"advisory": "LEN-65529",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3453",
"datePublished": "2021-07-16T20:30:17.000Z",
"dateReserved": "2021-03-19T00:00:00.000Z",
"dateUpdated": "2025-12-16T17:56:22.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}