Description
A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.lenovo.com/us/en/product_security/LEN-30042
Scores
CVSS v3
6.4
EPSS
0.0014
EPSS Percentile
33.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (50)
lenovo/130-14ast_firmware
lenovo/130-14ikb_firmware
lenovo/130-15ast_firmware
lenovo/130-15ikb_firmware
lenovo/320c-15ikb_firmware
lenovo/330-14igm_firmware
lenovo/330-14ikb_firmware
lenovo/330-14ikbr_firmware
lenovo/330-15arr_firmware
lenovo/330-15arr_touch_firmware
... and 40 more
Published
Jun 09, 2020
Tracked Since
Feb 18, 2026