In System Management Module (SMM) versions before 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows.
lenovo system_management_module_firmware