Description


A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.

Related CPE's






o

lenovo

thinkpad_e14_gen_4_firmware

2

h

lenovo

thinkpad_e14_gen_4

2





o

lenovo

thinkpad_e15_gen_4_firmware

2

h

lenovo

thinkpad_e15_gen_4

2











o

lenovo

thinkpad_l14_firmware

5

h

lenovo

thinkpad_l14

4

o

lenovo

thinkpad_l15_firmware

2

h

lenovo

thinkpad_l15

2

o

lenovo

thinkpad_l15_gen_2_firmware

2


















o

lenovo

thinkpad_p14s_gen_2_firmware

3

h

lenovo

thinkpad_p14s_gen_2

2

o

lenovo

thinkpad_p14s_gen_3_firmware

2








o

lenovo

thinkpad_p15s_gen_2_firmware

2










o

lenovo

thinkpad_p16s_gen_1_firmware

2






o

lenovo

thinkpad_p43s_firmware

2




o

lenovo

thinkpad_p53s_firmware

2




o

lenovo

thinkpad_t14_gen_1_firmware

2

h

lenovo

thinkpad_t14_gen_1

2

o

lenovo

thinkpad_t14_gen_2_firmware

3

h

lenovo

thinkpad_t14_gen_2

2

o

lenovo

thinkpad_t14_gen_3_firmware

2




o

lenovo

thinkpad_t14s_gen_2_firmware

2

h

lenovo

thinkpad_t14s_gen_2

2





o

lenovo

thinkpad_t15_gen_2_firmware

2












o

lenovo

thinkpad_t16_gen_1_firmware

2


o

lenovo

thinkpad_t490_firmware

6

h

lenovo

thinkpad_t490

3

o

lenovo

thinkpad_t490s_firmware

2


o

lenovo

thinkpad_t590_firmware

2










o

lenovo

thinkpad_x1_carbon_7th_gen_firmware

4

h

lenovo

thinkpad_x1_carbon_7th_gen

2

o

lenovo

thinkpad_x1_carbon_8th_gen_firmware

2


















o

lenovo

thinkpad_x1_yoga_4th_gen_firmware

4

h

lenovo

thinkpad_x1_yoga_4th_gen

2

o

lenovo

thinkpad_x1_yoga_5th_gen_firmware

2










o

lenovo

thinkpad_x13_gen_2_firmware

2

h

lenovo

thinkpad_x13_gen_2

2









o

lenovo

thinkpad_x390_firmware

3

h

lenovo

thinkpad_x390

2






Weaknesses



NVD-CWE-noinfo


CWE-119

CVSS impact metrics


CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-06-26T20:15:09.867

12 months ago

Last modified

2023-07-05T17:22:10.923

11 months ago