This page lists publicly disclosed CVE vulnerabilities affecting lenovo thinkpad_p53_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-48189 | An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | [email protected] | 6.7 | 0.19% | 2023-10-30 | 2026-06-17 |
| CVE-2023-2290 | A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. | [email protected] | 6.4 | 0.15% | 2023-06-26 | 2026-06-17 |
| CVE-2022-40134 | An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. | [email protected] | 4.4 | 0.20% | 2023-01-30 | 2026-06-17 |
| CVE-2021-3786 | A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. | [email protected] | 4.4 | 0.23% | 2021-11-12 | 2026-06-17 |
| CVE-2021-3599 | A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. | [email protected] | 6.7 | 0.28% | 2021-11-12 | 2026-06-17 |
| CVE-2019-18619 | Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers. | [email protected] | 7.8 | 0.47% | 2020-07-22 | 2026-06-16 |
| CVE-2019-18618 | Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table. | [email protected] | 6.0 | 0.48% | 2020-07-22 | 2026-06-16 |
| CVE-2020-8323 | A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution. | [email protected] | 6.4 | 0.31% | 2020-06-09 | 2026-06-16 |
| CVE-2020-8320 | An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. | [email protected] | 6.4 | 0.27% | 2020-06-09 | 2026-06-16 |
| CVE-2019-6188 | The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access. | [email protected] | 9.8 | 1.32% | 2019-11-12 | 2026-06-16 |
| CVE-2019-6172 | A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution. | [email protected] | 6.4 | 0.33% | 2019-11-12 | 2026-06-16 |
| CVE-2019-6170 | A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution. | [email protected] | 6.4 | 0.35% | 2019-11-12 | 2026-06-16 |