Home
HIGH: 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NMEDIUM: 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HDefault status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Description
A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code.
Problem types
CWE-665: Improper Initialization
Product status
Any version
Any version
Any version
Any version
Any version
Any version
Any version
Any version
Credits
Lenovo thanks Krzysztof Okupski of IOActive for reporting this issue.
References
support.lenovo.com/us/en/product_security/LEN-213040