漏洞标题
N/A
漏洞描述信息
一些ThinkPad系统的BIOS签名内核驱动程序中发现了一个漏洞,该漏洞可能导致具有Windows管理员权限的黑客调用系统管理模式(SMM)服务。这可能导致拒绝服务攻击,或者允许某些BIOS变量或设置被更改(例如启动顺序)。该漏洞对BIOS密码的设置或更改无影响。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
多款Lenovo ThinkPad产品安全绕过漏洞
漏洞描述信息
Lenovo Yoga 11e等都是中国联想(Lenovo)公司的电脑产品。 多款Lenovo ThinkPad产品中存在本地安全绕过漏洞。本地攻击者可利用该漏洞绕过安全限制,执行未授权操作。以下产品受到影响:Lenovo Yoga 11e(Skylake),Lenovo Yoga 11e (Beema),Lenovo ThinkPad Yoga 260 S1,Lenovo ThinkPad Yoga 14 460 S3,Lenovo ThinkPad Yoga 11e (Broadwell)Lenovo
CVSS信息
N/A
漏洞类别
其他