Design/Logic Flaw

2023-08-2320:15:00

PRIOn knowledge base

www.prio-n.com

lenovo

bios

vulnerability

smi

local attacker

elevated privileges

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI.

CPENameOperatorVersion
ideapad_1-14ijl7_firmwareeq< htcn31ww
ideapad_1-15ijl7_firmwareeq< htcn31ww
ideapad_1_14iau7_firmwareeq< jkcn34ww
ideapad_1_14igl7_firmwareeq< kkcn15ww
ideapad_1_15iau7_firmwareeq< jkcn34ww
ideapad_1_15igl7_firmwareeq< kkcn15ww
ideapad_3-14igl05_firmwareeq< dvcn28ww
ideapad_3-14iil05_firmwareeq< emcn56ww
ideapad_3-14iml05_firmwareeq< dxcn44ww
ideapad_3-14itl05_firmwareeq< gccn32ww

Name	Operator	Version
ideapad_1-14ijl7_firmware	eq	< htcn31ww
ideapad_1-15ijl7_firmware	eq	< htcn31ww
ideapad_1_14iau7_firmware	eq	< jkcn34ww
ideapad_1_14igl7_firmware	eq	< kkcn15ww
ideapad_1_15iau7_firmware	eq	< jkcn34ww
ideapad_1_15igl7_firmware	eq	< kkcn15ww
ideapad_3-14igl05_firmware	eq	< dvcn28ww
ideapad_3-14iil05_firmware	eq	< emcn56ww
ideapad_3-14iml05_firmware	eq	< dxcn44ww
ideapad_3-14itl05_firmware	eq	< gccn32ww