First published: Wed Nov 08 2023(Updated: )
A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Lenovo Thinkpad X13 Gen 3 | ||
Lenovo Thinkpad X13 Gen 3 Firmware | ||
All of | ||
Lenovo Thinkpad S2 Yoga Gen 7 | ||
Lenovo Thinkpad S2 Yoga Gen 7 Firmware | <1.19 | |
All of | ||
Lenovo Thinkpad S2 Yoga Gen 6 | ||
Lenovo Thinkpad S2 Yoga Gen 6 Firmware | ||
All of | ||
Lenovo Thinkpad S2 Gen 8 | ||
Lenovo Thinkpad S2 Gen 8 Firmware | ||
All of | ||
Lenovo Thinkpad P14s Gen 3 | ||
Lenovo Thinkpad P14s Gen 3 Firmware | ||
All of | ||
Lenovo Thinkpad P16s Gen 1 | ||
Lenovo Thinkpad P16s Gen 1 Firmware | ||
All of | ||
Lenovo Thinkpad T14 Gen 3 Firmware | ||
Lenovo Thinkpad T14 Gen 3 | ||
All of | ||
Lenovo Thinkpad T14s Gen 3 Firmware | ||
Lenovo Thinkpad T14s Gen 3 | ||
All of | ||
Lenovo Thinkpad T16 Gen 1 Firmware | ||
Lenovo Thinkpad T16 Gen 1 | ||
All of | ||
Lenovo Thinkpad L14 Gen 3 Firmware | <1.23 | |
Lenovo Thinkpad L14 Gen 3 | ||
All of | ||
Lenovo Thinkpad L14 Gen 4 Firmware | <1.1 | |
Lenovo Thinkpad L14 Gen 4 | ||
All of | ||
Lenovo Thinkpad L15 Gen 3 Firmware | <1.23 | |
Lenovo Thinkpad L15 Gen 3 | ||
All of | ||
Lenovo Thinkpad L15 Gen 4 Firmware | <1.1 | |
Lenovo Thinkpad L15 Gen 4 | ||
All of | ||
Lenovo Thinkpad L13 Yoga Gen 4 Firmware | ||
Lenovo Thinkpad L13 Yoga Gen 4 | ||
All of | ||
Lenovo Thinkpad L13 Yoga Gen 3 Firmware | <1.19 | |
Lenovo Thinkpad L13 Yoga Gen 3 | ||
All of | ||
Lenovo Thinkpad L13 Yoga Gen 2 Firmware | ||
Lenovo Thinkpad L13 Yoga Gen 2 | ||
All of | ||
Lenovo Thinkpad L13 Gen 4 Firmware | ||
Lenovo Thinkpad L13 Gen 4 | ||
All of | ||
Lenovo Thinkpad L13 Gen 3 Firmware | <1.19 | |
Lenovo Thinkpad L13 Gen 3 | ||
All of | ||
Lenovo Thinkpad L13 Gen 2 Firmware | ||
Lenovo Thinkpad L13 Gen 2 | ||
All of | ||
Lenovo Thinkpad S2 Yoga Gen 8 Firmware | ||
Lenovo Thinkpad S2 Yoga Gen 8 |
Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-5078.
The severity of CVE-2023-5078 is medium.
Lenovo Thinkpad X13 Gen 3 is affected by CVE-2023-5078.
A physical or local attacker with elevated privileges can exploit CVE-2023-5078 to tamper with BIOS firmware.
You can find more information about CVE-2023-5078 at the following link: [CVE-2023-5078](https://support.lenovo.com/us/en/product_security/LEN-141775)