Vulnerabilities in Lenovo

369 results
Vexday analysis

With 369 catalogued CVEs, Lenovo's vulnerability portfolio shows a share of actively exploited entries below the overall average for the KEV catalog, with no confirmed records of exploitation in progress. The most frequent weakness type is CWE-20 (Improper Input Validation), which points to a recurring need for input sanitization in firmware components and proprietary software. The most dangerous CVE currently identified is CVE-2022-3699, with an EPSS score of 0.0428 (about 4.3%, the highest value observed in this set). EPSS estimates the probability of exploitation over the next 30 days, so that value still indicates a relatively low likelihood, but one high enough to justify prioritization in enterprise environments that depend on Lenovo hardware. The 13 vulnerabilities that appeared in the last 90 days and the presence of 4 critical flaws reinforce the need for regular firmware and driver update cycles.

CVE | Severity | EPSS | Summary (truncated as shown on the page)

CVE-2023-45079 | MEDIUM | EPSS 0.2% | A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to…
CVE-2023-45078 | MEDIUM | EPSS 0.2% | A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to…
CVE-2023-45075 | MEDIUM | EPSS 0.2% | A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write…
CVE-2023-45076 | MEDIUM | EPSS 0.2% | A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to…
CVE-2023-5078 | MEDIUM | EPSS 0.2% | A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIO…
CVE-2023-43572 | MEDIUM | EPSS 0.2% | A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with eleva…
CVE-2023-43568 | MEDIUM | EPSS 0.2% | A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with ele…
CVE-2023-43574 | MEDIUM | EPSS 0.2% | A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacke…
CVE-2021-3720 | MEDIUM | EPSS 0.2% | An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L…
CVE-2021-3463 | MEDIUM | EPSS 0.2% | A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause sys…
CVE-2020-8357 | MEDIUM | EPSS 0.2% | A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to b…
CVE-2021-3718 | MEDIUM | EPSS 0.2% | A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setti…
CVE-2024-4550 | MEDIUM | EPSS 0.2% | A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacke…
CVE-2023-3078 | HIGH | EPSS 0.2% | An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local a…
CVE-2023-6338 | HIGH | EPSS 0.2% | Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local a…
CVE-2022-3431 | MEDIUM | EPSS 0.2% | A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not dea…
CVE-2023-4891 | MEDIUM | EPSS 0.2% | A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service.
CVE-2022-0353 | MEDIUM | EPSS 0.2% | A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics vers…
CVE-2022-3698 | MEDIUM | EPSS 0.2% | A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics vers…
CVE-2024-45104 | MEDIUM | EPSS 0.2% | A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device thr…
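The prioritization the analysis above argues for (confirmed exploitation in KEV first, then EPSS probability, then the CVSS severity band) can be made mechanical. What follows is an added example, not code from this page, from Vexday or from Lenovo. The Vuln record, the parse_epss, prioritize, flag_kev and summarize helpers and the kev flag are assumptions of this example; the sample entries are transcribed from the listing above (severity band and EPSS as printed there) plus CVE-2022-3699 from the analysis paragraph, whose severity band the page does not give and is therefore left unset. Any KEV membership used to exercise flag_kev is hypothetical.

```python
"""Triage helper: rank a vendor's CVE list KEV-first, then by EPSS, then by severity band.
Added example for illustration; not the page's, Vexday's or Lenovo's code."""
from dataclasses import dataclass, replace
from typing import Dict, Iterable, List, Optional

# CVSS severity bands as printed on the page; anything else ranks lowest.
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}


@dataclass(frozen=True)
class Vuln:
    cve: str
    severity: Optional[str]   # band as shown on the page; None when the page does not give one
    epss: float               # EPSS probability in [0, 1]
    kev: bool = False         # True if the id is in the CISA KEV catalog (assumed field)


def parse_epss(text: str) -> float:
    """Accept the page's two notations, '0.2%' and '0.0428', and return a probability."""
    text = text.strip()
    value = float(text[:-1]) / 100.0 if text.endswith("%") else float(text)
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"EPSS out of range: {text!r}")
    return value


def priority_key(v: Vuln):
    """Ascending sort key: KEV first, then higher EPSS, then higher band; CVE id breaks ties."""
    rank = SEVERITY_RANK.get((v.severity or "").upper(), 0)
    return (-int(v.kev), -v.epss, -rank, v.cve)


def prioritize(vulns: Iterable[Vuln], epss_floor: float = 0.0) -> List[Vuln]:
    """Return entries at or above epss_floor in patch-first order.
    KEV entries are always kept: confirmed exploitation overrides any EPSS cut-off."""
    kept = [v for v in vulns if v.kev or v.epss >= epss_floor]
    return sorted(kept, key=priority_key)


def flag_kev(vulns: Iterable[Vuln], kev_ids: Iterable[str]) -> List[Vuln]:
    """Return copies with kev=True for ids present in a KEV feed (passed in here, not fetched)."""
    ids = set(kev_ids)
    return [replace(v, kev=True) if v.cve in ids else v for v in vulns]


def summarize(vulns: Iterable[Vuln]) -> Dict[str, object]:
    """Headline numbers of the kind the analysis paragraph reports."""
    vulns = list(vulns)
    by_sev: Dict[str, int] = {}
    for v in vulns:
        band = (v.severity or "UNKNOWN").upper()
        by_sev[band] = by_sev.get(band, 0) + 1
    return {
        "count": len(vulns),
        "max_epss": max((v.epss for v in vulns), default=0.0),
        "kev": sum(v.kev for v in vulns),
        "by_severity": by_sev,
    }


# Constructed sample: entries transcribed from the listing above, plus CVE-2022-3699
# from the analysis paragraph (EPSS 0.0428; the page gives no severity band for it).
SAMPLE = [
    Vuln("CVE-2023-45079", "MEDIUM", parse_epss("0.2%")),
    Vuln("CVE-2023-3078", "HIGH", parse_epss("0.2%")),
    Vuln("CVE-2023-6338", "HIGH", parse_epss("0.2%")),
    Vuln("CVE-2024-45104", "MEDIUM", parse_epss("0.2%")),
    Vuln("CVE-2022-3699", None, parse_epss("0.0428")),
]

if __name__ == "__main__":
    for v in prioritize(SAMPLE):
        print(f"{v.cve:<16} kev={str(v.kev):<5} epss={v.epss:.4f} sev={v.severity}")
    print(summarize(SAMPLE))
```

Two points of the design are worth noting. CVE-2022-3699 lands first even though its band is unknown, because under this scheme a measured exploitation probability outranks a static severity band; and an EPSS floor such as 0.01 would drop every 0.2% entry from the patch-now list while still keeping anything flagged in KEV, which is the usual reason to combine the two signals rather than rely on either alone.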