3 known vulnerabilities · sorted by CVSS score
An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.
Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.