BIOS Recovery Issue in Lenovo ThinkPad Systems
CVE-2023-4030

8.4 HIGH

Key Information:

Vendor
Lenovo
Status
Vendor
CVE Published: 17 August 2023

Summary

A vulnerability has been identified in the BIOS of certain Lenovo ThinkPad models: in the event of BIOS corruption, the system may recover to insecure settings. Affected models include the ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2. A system that has recovered to insecure settings is exposed to increased security risk, which makes BIOS integrity important for keeping these systems protected.

Affected Version(s)

ThinkPad various

References

CVSS V3.1

Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability.