CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

lenovo

thinkpad_yoga_15_firmware

4 known vulnerabilities · sorted by CVSS score

CVE-2021-3453

MEDIUM6.8

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

lenovo / thinkpad_helix_firmware+20

Physical

Published Jul 16, 2021

CVE-2021-3599

MEDIUM6.7

A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

lenovo / thinkpad_x380_yoga_firmware+135

Local

Published Nov 12, 2021

CVE-2022-1107

MEDIUM6.7

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

lenovo / thinkpad_11e_firmware+29

Local

Published Apr 22, 2022

CVE-2021-3786

MEDIUM4.4

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.

lenovo / thinkpad_x380_yoga_firmware+135

Local

Published Nov 12, 2021