CVE-2022-1891

Published: 26/01/2023 Updated: 03/02/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Vulnerable Product

lenovo thinkbook_14-iml_firmware

lenovo thinkbook_14-iil_firmware

lenovo thinkbook_15-iil_firmware

lenovo thinkbook_15-iml_firmware

lenovo yoga_c640-13iml_lte_firmware

lenovo yoga_c640-13iml_firmware

Recent Articles

Lenovo issues firmware updates after UEFI vulnerabilities disclosed
The Register • Richard Speed • 01 Jan 1970

Déjà vu all over again for laptop maker as researchers poke holes in its code

Security researchers have spotted fresh flaws in Lenovo laptops just months after the vendor patched a bunch of its products. The PC maker has now fixed the trio of bugs, which were flagged up by ESET this week. More than 70 models were impacted by this latest issue, including a number of ThinkBook devices. The vulnerabilities reported were buffer overflows in the UEFI firmware. "The vulnerabilities," explained the ESET Research team, "can be exploited to achieve arbitrary code execution in the ...