Description
A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://support.lenovo.com/us/en/product_security/LEN-77639
Scores
CVSS v3
6.7
EPSS
0.0004
EPSS Percentile
11.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (50)
lenovo/c340-14iml_firmware
lenovo/c340-15iml_firmware
lenovo/d330-10igm_firmware
lenovo/duet_3-10igl5_firmware
lenovo/e41-50_firmware
lenovo/flex-14iml_firmware
lenovo/flex-15iml_firmware
lenovo/ideapad_3-14are05_firmware
lenovo/ideapad_3-15are05_firmware
lenovo/ideapad_3-17are05_firmware
... and 40 more
Published
Apr 22, 2022
Tracked Since
Feb 18, 2026