Out-of-Bounds Write Vulnerability in Lenovo ThinkPad BIOS
CVE-2025-10238
8.4 HIGH
What is CVE-2025-10238?
A potential out-of-bounds write vulnerability was identified in the BIOS of select Lenovo ThinkPad products, which could allow a privileged local user to execute arbitrary code in System Management Mode (SMM). This flaw may pose serious security risks, compromising system integrity and providing unauthorized access to sensitive operations.
Affected Version(s)
E14 Gen 4 (type 21E3, 21E4) Laptops (ThinkPad) BIOS: versions before 1.34
E14 Gen 5 (Type 21JR, 21JS) Laptop (ThinkPad) BIOS: versions before 1.29
E14 Gen 6 (Type 21M3, 21M4) Laptops (ThinkPad) BIOS: versions before 1.27