ThinkPad L390 Yoga Vulnerability Could Lead to Privilege Escalation

CVE-2024-7756

6.8MEDIUM

Key Information

Vendor
Lenovo
Status
10w (type 82st, 82su) Laptop (lenovo) BiOS
L390 (type 20nr, 20ns) Laptops (thinkpad) BiOS
L390 Yoga (type 20nt, 20nu) Laptops (thinkpad) BiOS
Vendor
CVE Published:
13 September 2024

Summary

A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell.

Affected Version(s)

10w (Type 82ST, 82SU) Laptop (Lenovo) BIOS < 0

L390 (type 20NR, 20NS) Laptops (ThinkPad) BIOS < 1.47

L390 Yoga (type 20NT, 20NU) Laptops (ThinkPad) BIOS < 1.47

References

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Lenovo thanks Warren Togami for reporting this issue.
.