Security restrictions bypass in Lenovo ThinkPad products



Published: 2023-10-13
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2023-5078
CWE-ID: CWE-254
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
ThinkPad S2 Yoga Gen 8 Types 21FU China Only
Hardware solutions / Firmware

ThinkPad L13 Gen 2 21AB s
Hardware solutions / Firmware

ThinkPad L13 Gen 2 21AC s
Hardware solutions / Firmware

ThinkPad L13 Gen 4 21FN
Hardware solutions / Firmware

ThinkPad L13 Gen 4 21FQ
Hardware solutions / Firmware

ThinkPad L13 Yoga Gen 2 21AD s
Hardware solutions / Firmware

ThinkPad L13 Yoga Gen 2 21AE s
Hardware solutions / Firmware

ThinkPad L13 Yoga Gen 4 21FR
Hardware solutions / Firmware

ThinkPad L13 Yoga Gen 4 21FS
Hardware solutions / Firmware

ThinkPad P14s Gen 3 21J5
Hardware solutions / Firmware

ThinkPad P14s Gen 3 21J6
Hardware solutions / Firmware

ThinkPad P16s Gen 1 21CK
Hardware solutions / Firmware

ThinkPad P16s Gen 1 21CL
Hardware solutions / Firmware

ThinkPad T14 Gen 3 21CF
Hardware solutions / Firmware

ThinkPad T14 Gen 3 21CG
Hardware solutions / Firmware

ThinkPad T14s Gen 3 21CQ 21CR
Hardware solutions / Firmware

ThinkPad T16 Gen 1 21CH
Hardware solutions / Firmware

ThinkPad T16 Gen 1 21CJ
Hardware solutions / Firmware

ThinkPad S2 Gen 6 Type 21AF China Only
Hardware solutions / Firmware

ThinkPad S2 Gen 8 Types 21FT China Only
Hardware solutions / Firmware

ThinkPad S2 Yoga Gen 6 Type 21AG China Only
Hardware solutions / Firmware

ThinkPad X13 Gen 3 21CM 21CN
Hardware solutions / Firmware

ThinkPad L13 Gen 3 21B9 21BA
Hardware solutions / Firmware

ThinkPad L13 Yoga Gen 3 21BB
Hardware solutions / Firmware

ThinkPad L13 Yoga Gen 3 21BC
Hardware solutions / Firmware

ThinkPad L14 Gen 3 21C5 s
Hardware solutions / Firmware

ThinkPad L14 Gen 3 21C6 s
Hardware solutions / Firmware

ThinkPad L14 Gen 4 21H5 s
Hardware solutions / Firmware

ThinkPad L14 Gen 4 21H6 s
Hardware solutions / Firmware

ThinkPad L15 Gen 3 21C7 s
Hardware solutions / Firmware

ThinkPad L15 Gen 3 21C8 s
Hardware solutions / Firmware

ThinkPad L15 Gen 4 21H7 s
Hardware solutions / Firmware

ThinkPad L15 Gen 4 21H8 s
Hardware solutions / Firmware

ThinkPad S2 Gen 7 Type 21BD
Hardware solutions / Firmware

ThinkPad S2 Yoga Gen 7 Type 21BE
Hardware solutions / Firmware

Vendor: Lenovo

Security Bulletin

This security bulletin contains one low-risk vulnerability.

1) Security features bypass

EUVDB-ID: #VU81984

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-5078

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to an unspecified error in the BIOS of some Lenovo ThinkPad products. An attacker with physical access to the device can tamper with the BIOS firmware.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

ThinkPad S2 Yoga Gen 8 Types 21FU China Only: All versions

ThinkPad L13 Gen 2 21AB s: All versions

ThinkPad L13 Gen 2 21AC s: All versions

ThinkPad L13 Gen 4 21FN: All versions

ThinkPad L13 Gen 4 21FQ: All versions

ThinkPad L13 Yoga Gen 2 21AD s: All versions

ThinkPad L13 Yoga Gen 2 21AE s: All versions

ThinkPad L13 Yoga Gen 4 21FR: All versions

ThinkPad L13 Yoga Gen 4 21FS: All versions

ThinkPad P14s Gen 3 21J5: All versions

ThinkPad P14s Gen 3 21J6: All versions

ThinkPad P16s Gen 1 21CK: All versions

ThinkPad P16s Gen 1 21CL: All versions

ThinkPad T14 Gen 3 21CF: All versions

ThinkPad T14 Gen 3 21CG: All versions

ThinkPad T14s Gen 3 21CQ 21CR: All versions

ThinkPad T16 Gen 1 21CH: All versions

ThinkPad T16 Gen 1 21CJ: All versions

ThinkPad S2 Gen 6 Type 21AF China Only: All versions

ThinkPad S2 Gen 8 Types 21FT China Only: All versions

ThinkPad S2 Yoga Gen 6 Type 21AG China Only: All versions

ThinkPad X13 Gen 3 21CM 21CN: All versions

ThinkPad L13 Gen 3 21B9 21BA: before 1.19

ThinkPad L13 Yoga Gen 3 21BB: before 1.19

ThinkPad L13 Yoga Gen 3 21BC: before 1.19

ThinkPad L14 Gen 3 21C5 s: before 1.23

ThinkPad L14 Gen 3 21C6 s: before 1.23

ThinkPad L14 Gen 4 21H5 s: before 1.10

ThinkPad L14 Gen 4 21H6 s: before 1.10

ThinkPad L15 Gen 3 21C7 s: before 1.23

ThinkPad L15 Gen 3 21C8 s: before 1.23

ThinkPad L15 Gen 4 21H7 s: before 1.10

ThinkPad L15 Gen 4 21H8 s: before 1.10

ThinkPad S2 Gen 7 Type 21BD: before 1.19

ThinkPad S2 Yoga Gen 7 Type 21BE: before 1.19

External links

http://support.lenovo.com/us/en/product_security/LEN-141775


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to exploit this vulnerability successfully.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


