Vulnerabilities > Lenovo > Thinkcentre M900X Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-01-30 CVE-2022-40136 Out-of-bounds Read vulnerability in Lenovo products
An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
local
low complexity
lenovo CWE-125
4.4
2022-04-22 CVE-2021-4210 Unspecified vulnerability in Lenovo products
A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
local
low complexity
lenovo
6.7
2022-04-22 CVE-2021-4211 Improper Input Validation vulnerability in Lenovo products
A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
local
low complexity
lenovo CWE-20
6.7
2021-11-12 CVE-2021-3719 Unspecified vulnerability in Lenovo products
A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.
local
low complexity
lenovo
6.7