Author: Cyberthreat Blog

In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.

In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system’s embedded controller, which could cause a denial of service attack on the system or the ability to...

Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the “Broadpwn” issue.

In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint’s firmware and stop the trackpoint from functioning correctly. This issue only affects ThinkPad X1 Carbon 5th generation.

In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.