Vulnerabilities (CVE)

Filtered by vendor Lenovo Subscribe
Filtered by product Thinkpad X1 Fold Gen 1 Firmware
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-4574 1 Lenovo 108 Thinkpad L14, Thinkpad L14 Firmware, Thinkpad L14 Gen 2 and 105 more 2024-11-21 N/A 6.7 MEDIUM
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.  
CVE-2022-4573 1 Lenovo 2 Thinkpad X1 Fold Gen 1, Thinkpad X1 Fold Gen 1 Firmware 2024-11-21 N/A 6.7 MEDIUM
An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2022-1108 1 Lenovo 2 Thinkpad X1 Fold Gen 1, Thinkpad X1 Fold Gen 1 Firmware 2024-11-21 7.2 HIGH 6.7 MEDIUM
A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2021-3843 1 Lenovo 59 Thinkpad 11e 3rd Gen, Thinkpad 11e 3rd Gen Firmware, Thinkpad 11e 4th Gen Celeron and 56 more 2024-11-21 7.2 HIGH 6.7 MEDIUM
A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2021-3786 1 Lenovo 266 Ideapad S940-14iwl, Ideapad S940-14iwl Firmware, Ideapad Yoga S940-14iwl and 263 more 2024-11-21 2.1 LOW 4.4 MEDIUM
A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.
CVE-2021-3599 1 Lenovo 266 Ideapad S940-14iwl, Ideapad S940-14iwl Firmware, Ideapad Yoga S940-14iwl and 263 more 2024-11-21 7.2 HIGH 6.7 MEDIUM
A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.