Common Weakness Enumeration

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVE-2025-0684 (GCVE-0-2025-0684)

Vulnerability from cvelistv5 – Published: 2025-03-03 17:14 – Updated: 2026-06-29 23:24
Title
Grub2: reiserfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
Summary
A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size; however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, grub_reiserfs_read_symlink() will call grub_reiserfs_read_real() with an overflown length parameter, leading to a heap-based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and can result in arbitrary code execution, bypassing secure boot protections.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
Impacted products
Vendor Product Version
Affected: 0 , ≤ 2.12 (semver)
Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Date Public
2025-02-18 18:00

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0684",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-04T16:14:33.211120Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-04T16:14:41.428Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.gnu.org/software/grub/",
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "versions": [
            {
              "lessThanOrEqual": "2.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-02-18T18:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub\u0027s reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_reiserfs_read_symlink() will call grub_reiserfs_read_real() with a overflown length parameter, leading to a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub\u0027s internal critical data and can result in arbitrary code execution, by-passing secure boot protections."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-29T23:24:51.364Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-0684"
        },
        {
          "name": "RHBZ#2346119",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346119"
        },
        {
          "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-17T15:12:50.927Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-02-18T18:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Grub2: reiserfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-787: Out-of-bounds Write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-0684",
    "datePublished": "2025-03-03T17:14:07.911Z",
    "dateReserved": "2025-01-23T19:05:34.260Z",
    "dateUpdated": "2026-06-29T23:24:51.364Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-0685 (GCVE-0-2025-0685)

Vulnerability from cvelistv5 – Published: 2025-03-03 17:14 – Updated: 2026-06-29 23:24
Title
Grub2: jfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
Summary
A flaw was found in grub2. When reading data from a jfs filesystem, grub's jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size; however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_jfs_lookup_symlink() function will write past the internal buffer length during grub_jfs_read_file(). This issue can be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, bypassing secure boot protections.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
Impacted products
Vendor Product Version
Affected: 0 , ≤ 2.12 (semver)
Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Date Public
2025-02-18 18:00

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0685",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-04T16:13:24.859221Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-04T16:13:48.628Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.gnu.org/software/grub/",
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "versions": [
            {
              "lessThanOrEqual": "2.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-02-18T18:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in grub2. When reading data from a jfs filesystem, grub\u0027s jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_jfs_lookup_symlink() function will write past the internal buffer length during grub_jfs_read_file(). This issue can be leveraged to corrupt grub\u0027s internal critical data and may result in arbitrary code execution, by-passing secure boot protections."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-29T23:24:53.080Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-0685"
        },
        {
          "name": "RHBZ#2346120",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346120"
        },
        {
          "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-17T15:26:31.971Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-02-18T18:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Grub2: jfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-787: Out-of-bounds Write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-0685",
    "datePublished": "2025-03-03T17:14:23.575Z",
    "dateReserved": "2025-01-23T19:09:21.691Z",
    "dateUpdated": "2026-06-29T23:24:53.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-0686 (GCVE-0-2025-0686)

Vulnerability from cvelistv5 – Published: 2025-03-03 17:14 – Updated: 2026-06-29 23:24
Title
Grub2: romfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading dat
Summary
A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size; however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, grub_romfs_read_symlink() may cause out-of-bounds writes when calling the grub_disk_read() function. This issue may be leveraged to corrupt grub's internal critical data and can result in arbitrary code execution, bypassing secure boot protections.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
Impacted products
Vendor Product Version
Affected: 0 , ≤ 2.12 (semver)
Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Date Public
2025-02-18 18:00

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0686",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-04T16:11:43.388154Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-04T16:12:08.515Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.gnu.org/software/grub/",
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "versions": [
            {
              "lessThanOrEqual": "2.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-02-18T18:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub\u0027s romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_romfs_read_symlink() may cause out-of-bounds writes when the calling grub_disk_read() function. This issue may be leveraged to corrupt grub\u0027s internal critical data and can result in arbitrary code execution by-passing secure boot protections."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-29T23:24:55.928Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-0686"
        },
        {
          "name": "RHBZ#2346121",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346121"
        },
        {
          "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-17T15:30:22.191Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-02-18T18:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Grub2: romfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading dat",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-787: Out-of-bounds Write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-0686",
    "datePublished": "2025-03-03T17:14:30.632Z",
    "dateReserved": "2025-01-23T19:13:28.900Z",
    "dateUpdated": "2026-06-29T23:24:55.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-0690 (GCVE-0-2025-0690)

Vulnerability from cvelistv5 – Published: 2025-02-24 07:53 – Updated: 2026-06-29 23:25
Title
Grub2: read: integer overflow may lead to out-of-bounds write
Summary
The read command is used to read keyboard input from the user. While reading, it keeps the input length in a 32-bit integer value, which is then used to reallocate the line buffer to accept the next character. During this process, with a sufficiently long line, it is possible to make this variable overflow, leading to an out-of-bounds write in the heap-based buffer. This flaw may be leveraged to corrupt grub's internal critical data, and a secure boot bypass is not discarded as a consequence.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
Impacted products
Vendor Product Version
Affected: 0 , ≤ 2.12 (semver)
Red Hat Red Hat Enterprise Linux 9 Unaffected: 1:2.06-104.el9_6 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Date Public
2025-02-18 18:00

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0690",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-24T11:17:51.239076Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-16T16:47:24.259Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.gnu.org/software/grub/",
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "versions": [
            {
              "lessThanOrEqual": "2.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.06-104.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unknown",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-02-18T18:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it\u0027s possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub\u0027s internal critical data and secure boot bypass is not discarded as consequence."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-29T23:25:00.272Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:6990",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:6990"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-0690"
        },
        {
          "name": "RHBZ#2346123",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346123"
        },
        {
          "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-17T15:37:14.300Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-02-18T18:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Grub2: read: integer overflow may lead to out-of-bounds write",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-787: Out-of-bounds Write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-0690",
    "datePublished": "2025-02-24T07:53:30.081Z",
    "dateReserved": "2025-01-23T20:01:36.565Z",
    "dateUpdated": "2026-06-29T23:25:00.272Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-0910 (GCVE-0-2025-0910)

Vulnerability from cvelistv5 – Published: 2025-02-11 19:58 – Updated: 2025-02-12 15:29
Title
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Summary
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25748.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
zdi
Date Public
2025-01-31 22:07

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0910",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T20:31:04.883430Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T15:29:36.125Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "PDF-XChange Editor",
          "vendor": "PDF-XChange",
          "versions": [
            {
              "status": "affected",
              "version": "10.4.3.391"
            }
          ]
        }
      ],
      "dateAssigned": "2025-01-30T20:36:52.930Z",
      "datePublic": "2025-01-31T22:07:09.210Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write  past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25748."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T19:58:17.542Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-25-065",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-065/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Anonymous"
      },
      "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2025-0910",
    "datePublished": "2025-02-11T19:58:17.542Z",
    "dateReserved": "2025-01-30T20:36:52.883Z",
    "dateUpdated": "2025-02-12T15:29:36.125Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-10238 (GCVE-0-2025-10238)

Vulnerability from cvelistv5 – Published: 2026-06-10 14:11 – Updated: 2026-06-11 03:55
Summary
During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products that could allow a privileged local user to execute code in System Management Mode (SMM).
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
Impacted products
Vendor Product Version
Lenovo X13 Gen 6 (Type 21RK, 21RL) Laptops (ThinkPad) BIOS Affected: 0 , < 1.12 (custom)
Lenovo X1 Carbon 13th Gen (Type 21NX, 21NY) Laptops (ThinkPad) BIOS Affected: 0 , < 1.15 (custom)
Lenovo P16v Gen 3 (Type 21RS, 21RT) Laptop (ThinkPad) BIOS Affected: 0 , < BIOS: 1.13 / ECFW: 1.09 (custom)
Lenovo L16 Gen 1 (Type 21L7 21L8) Laptops (ThinkPad) BIOS Affected: 0 , < 1.40 (custom)
Lenovo T14s Gen 6 (Type 21TB, 21TC) Laptops (ThinkPad) BIOS Affected: 0 , < 1.11 (custom)
Lenovo P14s Gen 6 (Type 21QT, 21QU) Laptops (ThinkPad) BIOS Affected: 0 , < UEFI BIOS V1.22/ECP V1.13 (custom)
Lenovo L13 Gen 6 (Type 21RB, 21RC) Laptops (ThinkPad) BIOS Affected: 0 , < 1.15 (custom)
Lenovo L14 Gen 6 (Type 21SE, 21SF) Laptops (ThinkPad) BIOS Affected: 0 , < 1.14 (custom)
Lenovo E16 Gen 3 (Type 22AY, 22B0) Laptop (ThinkPad) BIOS Affected: 0 , < 1.38 (custom)
Lenovo L16 Gen 2 (Type 21SC, 21SD) Laptops (ThinkPad) BIOS Affected: 0 , < 1.13 (custom)
Lenovo X13 Gen 6 (Type 21RM, 21RN) Laptops (ThinkPad) BIOS Affected: 0 , < 1.62/1.12 (custom)
Lenovo T14s Gen 6 (Type 21R1, 21R2) Laptops (ThinkPad) BIOS Affected: 0 , < 1.10 (custom)
Lenovo X1 2-in-1 Gen 9 (Type 21KE, 21KF) Laptop (ThinkPad) BIOS Affected: 0 , < 1.45 (custom)
Lenovo X1 Fold 16 Gen 1 (Type 21ES, 21ET) Laptop (ThinkPad) BIOS Affected: 0 , < 1.25 (custom)
Lenovo Z16 Gen 2 (Type 21JX, 21JY) Laptop (ThinkPad) BIOS Affected: 0 , < 1.37 (custom)
Lenovo P16v Gen 1 (Type 21FE, 21FF) Laptop (ThinkPad) BIOS Affected: 0 , < 1.65/1.13 (custom)
Lenovo X13 Gen 4 (Type 21J3, 21J4) Laptop (ThinkPad) BIOS Affected: 0 , < 1.37 (custom)
Lenovo T14s Gen 4 (Type 21F8, 21F9) Laptop (ThinkPad) BIOS Affected: 0 , < 1.28 (custom)
Lenovo P14s Gen 4 (Type 21K5, 21K6) Laptop (ThinkPad) BIOS Affected: 0 , < 1.47 (custom)
Lenovo P1 Gen 6 (Type 21FV, 21FW) Laptop (ThinkPad) BIOS Affected: 0 , < 1.38 (custom)
Lenovo P16v Gen 1 (Type 21FC, 21FD) Laptop (ThinkPad) BIOS Affected: 0 , < BIOS: 1.40 / ECFW: 1.09 (custom)
Lenovo P16 Gen 2 (Type 21FA, 21FB) Laptop (ThinkPad) BIOS Affected: 0 , < BIOS: 1.61 / ECFW: 1.57 (custom)
Lenovo X13 Yoga Gen 4 (Type 21F2, 21F3) Laptop (ThinkPad) BIOS Affected: 0 , < 1.22 (custom)
Lenovo P16s Gen 2 (Type 21HK, 21HL) Laptop (ThinkPad) BIOS Affected: 0 , < 1.51 (custom)
Lenovo E14 Gen 5 (Type 21JR, 21JS) Laptop (ThinkPad) BIOS Affected: 0 , < 1.29 (custom)
Lenovo T14s Gen 4 (Type 21F6, 21F7) Laptop (ThinkPad) BIOS Affected: 0 , < 1.23 (custom)
Lenovo ThinkPad R14 Gen 5 Type 21JM PRC BIOS Affected: 0 , < 1.41 (custom)
Lenovo L14 Gen 4 (Type 21H1, 21H2) Laptop (ThinkPad) BIOS Affected: 0 , < 1.34 (custom)
Lenovo L13 Gen 4 (Type 21FG, 21FH) Laptop (ThinkPad) BIOS Affected: 0 , < 1.24 (custom)
Lenovo X1 Nano Gen 3 (Type 21K1, 21K2) Laptop (ThinkPad) BIOS Affected: 0 , < 1.28 (custom)
Lenovo S2 Yoga Gen 8 (Types 21FU) China Only Laptop (ThinkPad) BIOS Affected: 0 , < 1.28 (custom)
Lenovo L15 Gen 4 (Type 21H7, 21H8) Laptops (ThinkPad) BIOS Affected: 0 , < 1.27 (custom)
Lenovo X1 Yoga 8th Gen (Type 21HQ, 21HR) Laptop (ThinkPad) BIOS Affected: 0 , < 1.37 (custom)
Lenovo T14s Gen 6 (Type 21M1, 21M2) Laptops (ThinkPad) BIOS Affected: 0 , < 1.62/1.12 (custom)
Lenovo P15v Gen 3 (Type 21EN 21EM) Laptop (ThinkPad) BIOS Affected: 0 , ≤ 1.28 (custom)
Lenovo P16 Gen 1 (Type 21D6, 21D7) Laptop (ThinkPad) BIOS Affected: 0 , < 1.69 (custom)
Lenovo X1 2-in-1 Gen 10 (Type 21NU, 21NV) Laptop (ThinkPad) BIOS Affected: 0 , < 1.39 (custom)
Lenovo X9-15 Gen 1 (Type 21Q6, 21Q7) Laptop (ThinkPad) BIOS Affected: 0 , < 1.17 (custom)
Lenovo X9-14 Gen 1 (Type 21QA, 21QB) Laptop (ThinkPad) BIOS Affected: 0 , < 1.21 (custom)
Lenovo T14s Gen 5 (Type 21LS, 21LT) Laptop (ThinkPad) BIOS Affected: 0 , < 1.14 (custom)
Lenovo L14 Gen 5 (Type 21L1, 21L2) Laptops (ThinkPad) BIOS Affected: 0 , < 1.24 (custom)
Lenovo E14 Gen 6 (Type 21M3, 21M4) Laptops (ThinkPad) BIOS Affected: 0 , < 1.27 (custom)
Lenovo E16 Gen 3 (Type 21SR, 21SS) Laptops (ThinkPad) BIOS Affected: 0 , < 1.11 (custom)
Lenovo T14 Gen 3 (Type 21AH, 21AJ) Laptop (ThinkPad) BIOS Affected: 0 , < 1.45/1.25 (custom)
Lenovo T15p Gen 3 (Type 21DA 21DB) Laptop (ThinkPad) BIOS Affected: 0 , < 1.67 (custom)
Lenovo P1 Gen 5 (Type 21DC 21DD) Laptop (ThinkPad) BIOS Affected: 0 , < 1.29 (custom)
Lenovo T14s Gen 3 (Type 21CQ 21CR) Laptop (ThinkPad) BIOS Affected: 0 , < 1.51 (custom)
Lenovo P14s Gen 3 (Type 21J5, 21J6) Laptop (ThinkPad) BIOS Affected: 0 , < 1.63 (custom)
Lenovo Z16 Gen 1 (Type 21D4, 21D5) Laptop (ThinkPad) BIOS Affected: 0 , < 1.76 (custom)
Lenovo T14s Gen 3 (Type 21BR 21BS) Laptop (ThinkPad) BIOS Affected: 0 , < 1.48 (custom)
Lenovo L14 Gen 3 (type 21C1, 21C2) Laptops (ThinkPad) BIOS Affected: 0 , < 1.44 (custom)
Lenovo X13 Yoga Gen 3 (Type 21AW 21AX) Laptop (ThinkPad) BIOS Affected: 0 , < 1.25 (custom)
Lenovo L13 Yoga Gen 3 (Type 21B5, 21B6) Laptop (ThinkPad) BIOS Affected: 0 , < 1.31 (custom)
Lenovo E14 Gen 4 (type 21E3, 21E4) Laptops (ThinkPad) BIOS Affected: 0 , < 1.34 (custom)
Lenovo X1 Nano Gen 2 (Type 21E8 21E9) Laptop (ThinkPad) BIOS Affected: 0 , < 1.32 (custom)
Lenovo E15 Gen 4 (type 21ED 21EE) Laptop (ThinkPad) BIOS Affected: 0 , < 1.27 (custom)
Lenovo ThinkPad S2 Gen 7 Type 21BD BIOS Affected: 0 , ≤ 1.36 (custom)
Lenovo X1 Yoga 7th Gen (Type 21CD, 21CE) Laptop (ThinkPad) BIOS Affected: 0 , < 1.52 (custom)
Lenovo L14 Gen 3 (type 21C5, 21C6) Laptops (ThinkPad) BIOS Affected: 0 , < 1.36 (custom)
Lenovo ThinkPad S2 Yoga Gen 6 Type 20VN China Only BIOS Affected: 0 , < 1.38/1.36 (custom)
Lenovo X1 Yoga 6th Gen (Type 20XY, 20Y0) Laptop (ThinkPad) BIOS Affected: 0 , < 1.75 (custom)
Lenovo E15 Gen 3 (Type 20YG, 20YH, 20YJ, 20YK) Laptop (ThinkPad) BIOS Affected: 0 , < 1.24 (custom)
Lenovo X13 Yoga Gen 2 (Type 20W8, 20W9) Laptop (ThinkPad) BIOS Affected: 0 , < 1.51 (custom)
Lenovo X13 Gen 2 (Type 20WK, 20WL) Laptop (ThinkPad) BIOS Affected: 0 , < 1.64 (custom)
Lenovo L14 Gen 2 (type 20X5, 20X6) Laptop (ThinkPad) BIOS Affected: 0 , < 1.36 (custom)
Lenovo T15g Gen 1 (type 20UR 20US) Laptop (ThinkPad) BIOS Affected: 0 , < 1.97 (custom)
Lenovo X13 Gen 2 (Type 20XH, 20XJ) Laptop (ThinkPad) BIOS Affected: 0 , < 1.36 (custom)
Lenovo T15p Gen 2 (Type 21A7, 21A8) Laptop (ThinkPad) BIOS Affected: 0 , < 1.83 (custom)
Lenovo P14s Gen 2 (type 21A0, 21A1) Laptop (ThinkPad) BIOS Affected: 0 , < 1.33 (custom)
Lenovo ThinkPad S2 Yoga Gen 6 Type 21AG China Only BIOS Affected: 0 , ≤ 1.38 (custom)
Lenovo X1 Extreme 4th Gen (Type 20Y5, 20Y6) Laptop (ThinkPad) BIOS Affected: 0 , < 1.33 (custom)
Lenovo P17 Gen 2 (type 20YU, 20YV) Laptops (ThinkPad) BIOS Affected: 0 , < 1.97 (custom)
Lenovo X1 Titanium (Type 20QA, 20QB) Laptop (ThinkPad) BIOS Affected: 0 , < 1.37 (custom)
Lenovo X1 Nano Gen 1 (Type 20UN 20UQ) Laptop (ThinkPad) BIOS Affected: 0 , < 1.68 (custom)
Lenovo X12 Detachable Gen 1 (Type 20UW, 20UV) Laptop (ThinkPad) BIOS Affected: 0 , ≤ 1.40 (custom)
Lenovo E16 Gen 2 (Type 21MA, 21MB) Laptops (ThinkPad) BIOS Affected: 0 , < 1.21 (custom)
Lenovo X13 Gen 5 (Type 21LU, 21LV) Laptop (ThinkPad) BIOS Affected: 0 , < 1.17 (custom)
Lenovo L14 Gen 2 Type 20X1 20X2 Laptops (ThinkPad) BIOS Affected: 0 , < 1.73 (custom)
Lenovo E16 Gen 3 (Type 21ST, 21SU) Laptops (ThinkPad) BIOS Affected: 0 , < 1.21 (custom)
Lenovo T16 Gen 4 (Type 21QE, 21QF) Laptops (ThinkPad) BIOS Affected: 0 , < 1.10 (custom)
Lenovo T16 Gen 4 (Type 22AW, 22AX) Laptops (ThinkPad) BIOS Affected: 0 , < 1.08 (custom)
Lenovo T15 Gen 2 (Type 20W4, 20W5) Laptop (ThinkPad) BIOS Affected: 0 , < 1.69/1.21 (custom)
Lenovo X1 Fold Gen 1 (Type 20RK, 20RL) Laptop (ThinkPad) BIOS Affected: 0 , < 1.34 (custom)
Lenovo X1 Extreme 3rd Gen (Type 20TK, 20TL) Laptop (ThinkPad) BIOS Affected: 0 , < 1.37 (custom)
Lenovo T14s (Type 20T0, 20T1) Laptop (ThinkPad) BIOS Affected: 0 , < 1.37 (custom)
Lenovo T15 (type 20S6, 20S7) Laptop (ThinkPad) BIOS Affected: 0 , < 1.34 (custom)
Lenovo X13 Yoga Gen 1 (Type 20SX, 20SY) Laptop (ThinkPad) BIOS Affected: 0 , < 1.57 (custom)
Lenovo X1 Yoga 5th Gen (Type 20UB, 20UC) Laptop (ThinkPad) BIOS Affected: 0 , < 1.41 (custom)
Lenovo X390 Yoga (Type 20NN, 20NQ) Laptop (ThinkPad) BIOS Affected: 0 , < 2.05 (custom)
Lenovo X1 Yoga 4th Gen (Type 20SA, 20SB) Laptop (ThinkPad) BIOS Affected: 0 , < 1.66/1.55 (custom)
Lenovo X390 (Type 20SC, 20SD) Laptop (ThinkPad) BIOS Affected: 0 , < 1.87/1.32 (custom)
Lenovo P73 (type 20QR, 20QS) Laptop (Thinkpad) BIOS Affected: 0 , < 2.01 (custom)
Lenovo T490 (Type 20N2, 20N3) Laptop (ThinkPad) BIOS Affected: 0 , < 1.85/1.26 (custom)
Lenovo X1 Extreme 2nd Gen (Type 20QV, 20QW) Laptop (ThinkPad) BIOS Affected: 0 , < 1.55 (custom)
Lenovo L390 (type 20NR, 20NS) Laptops (ThinkPad) BIOS Affected: 0 , < 1.53 (custom)
Lenovo L13 (type 20R3, 20R4) Laptops (ThinkPad) BIOS Affected: 0 , < 1.45 (custom)
Lenovo L13 Gen 5 (Type 21LB, 21LC) Laptops (ThinkPad) BIOS Affected: 0 , < 1.21 (custom)
Lenovo E14 Gen 7 (Type 21T9, 21TA) Laptops (ThinkPad) BIOS Affected: 0 , < 1.11 (custom)
Lenovo P14s Gen 6 (Type 21QL, 21QM) Laptops (ThinkPad) BIOS Affected: 0 , < 1.17 (custom)
Lenovo L13 2-in-1 Gen 6 (Type 21R7, 21R8) Laptops (ThinkPad) BIOS Affected: 0 , < 1.10 (custom)
Lenovo L14 Gen 6 (Type 21S6, 21S7) Laptops (ThinkPad) BIOS Affected: 0 , < 1.06 (custom)
Lenovo T14s Gen 6 (Type 21QX, 21QY) Laptops (ThinkPad) BIOS Affected: 0 , < 1.14 (custom)
Lenovo P1 Gen 7 (Type 21KV, 21KW) Laptop (ThinkPad) BIOS Affected: 0 , < 1.17 (custom)
Lenovo P14s Gen 5 (Type 21G2, 21G3) Laptops (ThinkPad) BIOS Affected: 0 , < 1.26 (custom)
Lenovo T14 Gen 5 (Type 21MC, 21MD) Laptops (ThinkPad) BIOS Affected: 0 , < 1.18 (custom)
Lenovo X12 Detachable Gen 2 (Type 21LK, 21LL) Laptops (ThinkPad) BIOS Affected: 0 , < 1.21 (custom)
Lenovo T16 Gen 3 (Type 21MN, 21MQ) Laptops (ThinkPad) BIOS Affected: 0 , < 1.16 (custom)
Lenovo P16v Gen 2 (Type 21KX, 21KY) Laptops (ThinkPad) BIOS Affected: 0 , < 1.18 (custom)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10238",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-11T03:55:27.982Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "X13 Gen 6 (Type 21RK, 21RL) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X1 Carbon 13th Gen (Type 21NX, 21NY) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P16v Gen 3 (Type 21RS, 21RT) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "BIOS: 1.13 / ECFW: 1.09",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "L16 Gen 1 (Type 21L7 21L8) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.40",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T14s Gen 6 (Type 21TB, 21TC) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P14s Gen 6 (Type 21QT, 21QU) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "UEFI BIOS V1.22/ECP V1.13",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "L13 Gen 6 (Type 21RB, 21RC) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "L14 Gen 6 (Type 21SE, 21SF) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "E16 Gen 3 (Type 22AY, 22B0) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.38",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "L16 Gen 2 (Type 21SC, 21SD) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.13",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X13 Gen 6 (Type 21RM, 21RN) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.62/1.12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T14s Gen 6 (Type 21R1, 21R2) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.10",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X1 2-in-1 Gen 9 (Type 21KE, 21KF) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.45",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X1 Fold 16 Gen 1 (Type 21ES, 21ET) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.25",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Z16 Gen 2 (Type 21JX, 21JY) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.37",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P16v Gen 1 (Type 21FE, 21FF) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.65/1.13",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X13 Gen 4 (Type 21J3, 21J4) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.37",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T14s Gen 4 (Type 21F8, 21F9) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.28",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P14s Gen 4 (Type 21K5, 21K6) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.47",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P1 Gen 6 (Type 21FV, 21FW) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.38",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P16v Gen 1 (Type 21FC, 21FD) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "BIOS: 1.40 / ECFW: 1.09",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P16 Gen 2 (Type 21FA, 21FB) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "BIOS: 1.61 / ECFW: 1.57",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X13 Yoga Gen 4 (Type 21F2, 21F3) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.22",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P16s Gen 2 (Type 21HK, 21HL) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.51",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "E14 Gen 5 (Type 21JR, 21JS) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T14s Gen 4 (Type 21F6, 21F7) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.23",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ThinkPad R14 Gen 5 Type 21JM PRC BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.41",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "L14 Gen 4 (Type 21H1, 21H2) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.34",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "L13 Gen 4 (Type 21FG, 21FH) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.24",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X1 Nano Gen 3 (Type 21K1, 21K2) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.28",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "S2 Yoga Gen 8 (Types 21FU) China Only Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.28",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "L15 Gen 4 (Type 21H7, 21H8) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.27",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X1 Yoga 8th Gen (Type 21HQ, 21HR) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.37",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T14s Gen 6 (Type 21M1, 21M2) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.62/1.12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P15v Gen 3 (Type 21EN 21EM) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThanOrEqual": "1.28",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P16 Gen 1 (Type 21D6, 21D7) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.69",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X1 2-in-1 Gen 10 (Type 21NU, 21NV) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.39",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X9-15 Gen 1 (Type 21Q6, 21Q7) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.17",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X9-14 Gen 1 (Type 21QA, 21QB) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T14s Gen 5 (Type 21LS, 21LT) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "L14 Gen 5 (Type 21L1, 21L2) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.24",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "E14 Gen 6 (Type 21M3, 21M4) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.27",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "E16 Gen 3 (Type 21SR, 21SS) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T14 Gen 3 (Type 21AH, 21AJ) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.45/1.25",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T15p Gen 3 (Type 21DA 21DB) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.67",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P1 Gen 5 (Type 21DC 21DD) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T14s Gen 3 (Type 21CQ 21CR) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.51",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P14s Gen 3 (Type 21J5, 21J6) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.63",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Z16 Gen 1 (Type 21D4, 21D5) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.76",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T14s Gen 3 (Type 21BR 21BS) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.48",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "L14 Gen 3 (type 21C1, 21C2) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.44",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X13 Yoga Gen 3 (Type 21AW 21AX) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.25",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "L13 Yoga Gen 3 (Type 21B5, 21B6) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.31",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "E14 Gen 4 (type 21E3, 21E4) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.34",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X1 Nano Gen 2 (Type 21E8 21E9) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.32",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "E15 Gen 4 (type 21ED 21EE) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.27",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ThinkPad S2 Gen 7 Type 21BD BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThanOrEqual": "1.36",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X1 Yoga 7th Gen (Type 21CD, 21CE) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.52",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "L14 Gen 3 (type 21C5, 21C6) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.36",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ThinkPad S2 Yoga Gen 6 Type 20VN China Only BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.38/1.36",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X1 Yoga 6th Gen (Type 20XY, 20Y0) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.75",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "E15 Gen 3 (Type 20YG, 20YH, 20YJ, 20YK) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.24",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X13 Yoga Gen 2 (Type 20W8, 20W9) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.51",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X13 Gen 2 (Type 20WK, 20WL) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.64",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "L14 Gen 2 (type 20X5, 20X6) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.36",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T15g Gen 1 (type 20UR 20US) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.97",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X13 Gen 2 (Type 20XH, 20XJ) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.36",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T15p Gen 2 (Type 21A7, 21A8) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.83",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P14s Gen 2 (type 21A0, 21A1) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.33",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ThinkPad S2 Yoga Gen 6  Type 21AG China Only BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThanOrEqual": "1.38",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X1 Extreme 4th Gen (Type 20Y5, 20Y6) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.33",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P17 Gen 2 (type 20YU, 20YV) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.97",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X1 Titanium (Type 20QA, 20QB) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.37",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X1 Nano Gen 1 (Type 20UN 20UQ) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.68",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X12 Detachable  Gen 1 (Type 20UW, 20UV) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThanOrEqual": "1.40",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "E16 Gen 2 (Type 21MA, 21MB) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X13 Gen 5 (Type 21LU, 21LV) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.17",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "L14 Gen 2 Type 20X1 20X2 Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.73",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "E16 Gen 3 (Type 21ST, 21SU) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T16 Gen 4 (Type 21QE, 21QF) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.10",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T16 Gen 4 (Type 22AW, 22AX) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.08",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T15 Gen 2 (Type 20W4, 20W5) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.69/1.21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X1 Fold Gen 1 (Type 20RK, 20RL) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.34",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X1 Extreme 3rd Gen (Type 20TK, 20TL) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.37",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T14s (Type 20T0, 20T1) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.37",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T15 (type 20S6, 20S7) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.34",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X13 Yoga Gen 1 (Type 20SX, 20SY) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.57",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X1 Yoga 5th Gen (Type 20UB, 20UC) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.41",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X390 Yoga (Type 20NN, 20NQ) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "2.05",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X1 Yoga 4th Gen (Type 20SA, 20SB) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.66/1.55",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X390 (Type 20SC, 20SD) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.87/1.32",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P73 (type 20QR, 20QS) Laptop (Thinkpad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "2.01",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T490 (Type 20N2, 20N3) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.85/1.26",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X1 Extreme 2nd Gen (Type 20QV, 20QW) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.55",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "L390 (type 20NR, 20NS) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.53",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "L13 (type 20R3, 20R4) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.45",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "L13 Gen 5 (Type 21LB, 21LC) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "E14 Gen 7 (Type 21T9, 21TA) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P14s Gen 6 (Type 21QL, 21QM) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.17",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "L13 2-in-1 Gen 6 (Type 21R7, 21R8) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.10",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "L14 Gen 6 (Type 21S6, 21S7) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.06",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T14s Gen 6 (Type 21QX, 21QY) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P1 Gen 7 (Type 21KV, 21KW) Laptop (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.17",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P14s Gen 5 (Type 21G2, 21G3) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.26",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T14 Gen 5 (Type 21MC, 21MD) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.18",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "X12 Detachable Gen 2 (Type 21LK, 21LL) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "T16 Gen 3 (Type 21MN, 21MQ) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.16",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P16v Gen 2 (Type 21KX, 21KY) Laptops (ThinkPad) BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.18",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x13_gen_6_type_21rk_21rl_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.12",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x1_carbon_13th_gen_type_21nx_21ny_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.15",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:p16v_gen_3_type_21rs_21rt_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "bios_1.13_ecfw_1.09",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:l16_gen_1_type_21l7_21l8_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.40",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t14s_gen_6_type_21tb_21tc_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.11",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:p14s_gen_6_type_21qt_21qu_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "uefi_bios_v1.22_ecp_v1.13",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:l13_gen_6_type_21rb_21rc_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.15",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:l14_gen_6_type_21se_21sf_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.14",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:e16_gen_3_type_22ay_22b0_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.38",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:l16_gen_2_type_21sc_21sd_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.13",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x13_gen_6_type_21rm_21rn_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.62_1.12",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t14s_gen_6_type_21r1_21r2_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.10",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x1_2-in-1_gen_9_type_21ke_21kf_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.45",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x1_fold_16_gen_1_type_21es_21et_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.25",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:z16_gen_2_type_21jx_21jy_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.37",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:p16v_gen_1_type_21fe_21ff_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.65_1.13",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x13_gen_4_type_21j3_21j4_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.37",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t14s_gen_4_type_21f8_21f9_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.28",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:p14s_gen_4_type_21k5_21k6_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.47",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:p1_gen_6_type_21fv_21fw_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.38",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:p16v_gen_1_type_21fc_21fd_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "bios_1.40_ecfw_1.09",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:p16_gen_2_type_21fa_21fb_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "bios_1.61_ecfw_1.57",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x13_yoga_gen_4_type_21f2_21f3_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.22",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:p16s_gen_2_type_21hk_21hl_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.51",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:e14_gen_5_type_21jr_21js_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.29",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t14s_gen_4_type_21f6_21f7_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.23",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:thinkpad_r14_gen_5_type_21jm_prc_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.41",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:l14_gen_4_type_21h1_21h2_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.34",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:l13_gen_4_type_21fg_21fh_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.24",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x1_nano_gen_3_type_21k1_21k2_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.28",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:s2_yoga_gen_8_types_21fu_china_only_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.28",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:l15_gen_4_type_21h7_21h8_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.27",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x1_yoga_8th_gen_type_21hq_21hr_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.37",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t14s_gen_6_type_21m1_21m2_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.62_1.12",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:p15v_gen_3_type_21en_21em_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.28",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:p16_gen_1_type_21d6_21d7_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.69",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x1_2-in-1_gen_10_type_21nu_21nv_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.39",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x9-15_gen_1_type_21q6_21q7_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.17",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x9-14_gen_1_type_21qa_21qb_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.21",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t14s_gen_5_type_21ls_21lt_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.14",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:l14_gen_5_type_21l1_21l2_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.24",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:e14_gen_6_type_21m3_21m4_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.27",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:e16_gen_3_type_21sr_21ss_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.11",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t14_gen_3_type_21ah_21aj_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.45_1.25",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t15p_gen_3_type_21da_21db_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.67",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:p1_gen_5_type_21dc_21dd_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.29",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t14s_gen_3_type_21cq_21cr_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.51",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:p14s_gen_3_type_21j5_21j6_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.63",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:z16_gen_1_type_21d4_21d5_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.76",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t14s_gen_3_type_21br_21bs_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.48",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:l14_gen_3_type_21c1_21c2_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.44",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x13_yoga_gen_3_type_21aw_21ax_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.25",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:l13_yoga_gen_3_type_21b5_21b6_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.31",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:e14_gen_4_type_21e3_21e4_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.34",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x1_nano_gen_2_type_21e8_21e9_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.32",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:e15_gen_4_type_21ed_21ee_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.27",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:thinkpad_s2_gen_7_type_21bd_bios:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.36",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x1_yoga_7th_gen_type_21cd_21ce_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.52",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:l14_gen_3_type_21c5_21c6_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.36",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_6_type_20vn_china_only_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.38_1.36",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x1_yoga_6th_gen_type_20xy_20y0_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.75",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:e15_gen_3_type_20yg_20yh_20yj_20yk_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.24",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x13_yoga_gen_2_type_20w8_20w9_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.51",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x13_gen_2_type_20wk_20wl_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.64",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:l14_gen_2_type_20x5_20x6_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.36",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t15g_gen_1_type_20ur_20us_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.97",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x13_gen_2_type_20xh_20xj_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.36",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t15p_gen_2_type_21a7_21a8_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.83",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:p14s_gen_2_type_21a0_21a1_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.33",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_6_type_21ag_china_only_bios:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.38",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x1_extreme_4th_gen_type_20y5_20y6_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.33",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:p17_gen_2_type_20yu_20yv_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.97",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x1_titanium_type_20qa_20qb_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.37",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x1_nano_gen_1_type_20un_20uq_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.68",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x12_detachable_gen_1_type_20uw_20uv_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.40",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:e16_gen_2_type_21ma_21mb_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.21",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x13_gen_5_type_21lu_21lv_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.17",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:l14_gen_2_type_20x1_20x2_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.73",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:e16_gen_3_type_21st_21su_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.21",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t16_gen_4_type_21qe_21qf_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.10",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t16_gen_4_type_22aw_22ax_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.08",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t15_gen_2_type_20w4_20w5_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.69_1.21",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x1_fold_gen_1_type_20rk_20rl_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.34",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x1_extreme_3rd_gen_type_20tk_20tl_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.37",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t14s_type_20t0_20t1_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.37",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t15_type_20s6_20s7_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.34",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x13_yoga_gen_1_type_20sx_20sy_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.57",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x1_yoga_5th_gen_type_20ub_20uc_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.41",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x390_yoga_type_20nn_20nq_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.05",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x1_yoga_4th_gen_type_20sa_20sb_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.66_1.55",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x390_type_20sc_20sd_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.87_1.32",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:p73_type_20qr_20qs_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.01",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t490_type_20n2_20n3_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.85_1.26",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x1_extreme_2nd_gen_type_20qv_20qw_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.55",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:l390_type_20nr_20ns_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.53",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:l13_type_20r3_20r4_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.45",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:l13_gen_5_type_21lb_21lc_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.21",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:e14_gen_7_type_21t9_21ta_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.11",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:p14s_gen_6_type_21ql_21qm_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.17",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:l13_2-in-1_gen_6_type_21r7_21r8_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.10",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:l14_gen_6_type_21s6_21s7_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.06",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t14s_gen_6_type_21qx_21qy_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.14",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:p1_gen_7_type_21kv_21kw_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.17",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:p14s_gen_5_type_21g2_21g3_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.26",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t14_gen_5_type_21mc_21md_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.18",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:x12_detachable_gen_2_type_21lk_21ll_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.21",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:t16_gen_3_type_21mn_21mq_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.16",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:lenovo:p16v_gen_2_type_21kx_21ky_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.18",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "During an internal security assessment, a\u0026nbsp;potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in System Management Mode (SMM).\u0026nbsp;"
            }
          ],
          "value": "During an internal security assessment, a\u00a0potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in System Management Mode (SMM)."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T14:11:21.336Z",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://support.lenovo.com/us/en/product_security/LEN-218282"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to the version (or newer) as recommended in the advisory:\u0026nbsp;https://support.lenovo.com/us/en/product_security/LEN-218282"
            }
          ],
          "value": "Update to the version (or newer) as recommended in the advisory:\u00a0https://support.lenovo.com/us/en/product_security/LEN-218282"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.0-beta"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2025-10238",
    "datePublished": "2026-06-10T14:11:21.336Z",
    "dateReserved": "2025-09-10T15:30:05.055Z",
    "dateUpdated": "2026-06-11T03:55:27.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-10451 (GCVE-0-2025-10451)

Vulnerability from cvelistv5 – Published: 2025-12-12 00:28 – Updated: 2025-12-12 18:45
Title
H19Int15CallbackSmm: SMM memory corruption vulnerability in combined DXE/SMM (SMRAM write)
Summary
Unchecked output buffer may allow arbitrary code execution in SMM and potentially result in SMM memory corruption.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Insyde Software InsydeH2O Affected: HP feature version before 20C1
Date Public
2025-12-09 00:23

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10451",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-12T18:44:42.715064Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-12T18:45:44.288Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "InsydeH2O",
          "vendor": "Insyde Software",
          "versions": [
            {
              "status": "affected",
              "version": "HP feature version before 20C1"
            }
          ]
        }
      ],
      "datePublic": "2025-12-09T00:23:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnchecked output buffer may allowed arbitrary code execution in SMM and potentially result in SMM memory corruption.\u003c/span\u003e"
            }
          ],
          "value": "Unchecked output buffer may allowed arbitrary code execution in SMM and potentially result in SMM memory corruption."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-12T00:30:25.404Z",
        "orgId": "8338d8cb-57f7-4252-abc0-96fd13e98d21",
        "shortName": "Insyde"
      },
      "references": [
        {
          "url": "https://www.insyde.com/security-pledge/sa-2025009/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "H19Int15CallbackSmm: SMM memory corruption vulnerability in combined DXE/SMM (SMRAM write)",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8338d8cb-57f7-4252-abc0-96fd13e98d21",
    "assignerShortName": "Insyde",
    "cveId": "CVE-2025-10451",
    "datePublished": "2025-12-12T00:28:52.829Z",
    "dateReserved": "2025-09-15T01:13:10.842Z",
    "dateUpdated": "2025-12-12T18:45:44.288Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-1050 (GCVE-0-2025-1050)

Vulnerability from cvelistv5 – Published: 2025-04-23 16:44 – Updated: 2025-04-23 18:15
Title
Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability
Summary
Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HLS playlist data. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25606.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
zdi
References
Impacted products
Vendor Product Version
Sonos Era 300 Affected: 81.1-58074
Date Public
2025-04-09 20:30

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1050",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T18:15:25.567019Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T18:15:44.046Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Era 300",
          "vendor": "Sonos",
          "versions": [
            {
              "status": "affected",
              "version": "81.1-58074"
            }
          ]
        }
      ],
      "dateAssigned": "2025-02-04T21:26:36.595Z",
      "datePublic": "2025-04-09T20:30:08.837Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the processing of HLS playlist data. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25606."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-23T16:44:54.918Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-25-225",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-225/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Jack Dates of RET2 Systems"
      },
      "title": "Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2025-1050",
    "datePublished": "2025-04-23T16:44:54.918Z",
    "dateReserved": "2025-02-04T21:26:36.573Z",
    "dateUpdated": "2025-04-23T18:15:44.046Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-10882 (GCVE-0-2025-10882)

Vulnerability from cvelistv5 – Published: 2025-12-15 23:40 – Updated: 2026-05-07 19:36
Title
X_T File Parsing Out-of-Bounds Write Vulnerability
Summary
A maliciously crafted X_T file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk Shared Components Affected: 1.8.0.7 , < 1.9.0.7 (custom)
    cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10882",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-17T04:55:39.499357Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T16:07:37.516Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Shared Components",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "1.9.0.7",
              "status": "affected",
              "version": "1.8.0.7",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "AA maliciously crafted X_T file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
            }
          ],
          "value": "AA maliciously crafted X_T file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-Bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-07T19:36:13.740Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/products/autodesk-access/overview"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "X_T File Parsing Out-of-Bounds Write Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2025-10882",
    "datePublished": "2025-12-15T23:40:24.134Z",
    "dateReserved": "2025-09-23T15:29:50.560Z",
    "dateUpdated": "2026-05-07T19:36:13.740Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-10884 (GCVE-0-2025-10884)

Vulnerability from cvelistv5 – Published: 2025-12-15 23:41 – Updated: 2026-05-07 19:37
VLAI
Title
CATPART File Parsing Out-of-Bounds Write Vulnerability
Summary
A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk Shared Components Affected: 1.8.0.7 , < 1.9.0.7 (custom)
    cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10884",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-17T04:55:36.076858Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T16:07:37.072Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Shared Components",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "1.9.0.7",
              "status": "affected",
              "version": "1.8.0.7",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "AA maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
            }
          ],
          "value": "AA maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-Bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-07T19:37:32.087Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/products/autodesk-access/overview"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "CATPART File Parsing Out-of-Bounds Write Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2025-10884",
    "datePublished": "2025-12-15T23:41:34.185Z",
    "dateReserved": "2025-09-23T15:29:51.807Z",
    "dateUpdated": "2026-05-07T19:37:32.087Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation ID: MIT-3

Phase: Requirements

Strategy: Language Selection

Description:

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.
  • Be wary that a language's interface to native code may still be subject to overflows, even if the language itself is theoretically safe.

Mitigation ID: MIT-4.1

Phase: Architecture and Design

Strategy: Libraries or Frameworks

Description:

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions.

Mitigation ID: MIT-10

Phases: Operation, Build and Compilation

Strategy: Environment Hardening

Description:

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.

Mitigation ID: MIT-9

Phase: Implementation

Description:

  • Consider adhering to the following rules when allocating and managing an application's memory:
  • Double check that the buffer is as large as specified.
  • When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.
  • Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.
  • If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions.

Mitigation ID: MIT-11

Phases: Operation, Build and Compilation

Strategy: Environment Hardening

Description:

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].

Mitigation ID: MIT-12

Phase: Operation

Strategy: Environment Hardening

Description:

  • Use a CPU and operating system that offers Data Execution Protection (using hardware NX or XD bits) or the equivalent techniques that simulate this feature in software, such as PaX [REF-60] [REF-61]. These techniques ensure that any instruction executed is exclusively at a memory address that is part of the code segment.
  • For more information on these techniques see D3-PSEP (Process Segment Execution Prevention) from D3FEND [REF-1336].

Mitigation ID: MIT-13

Phase: Implementation

Description:

  • Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.
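
The strncpy() caveat in MIT-9 and the "create these if they are not available" advice in MIT-13, shown as an added example that is not part of the CWE entry. The helper name bounded_copy and the sample strings are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Shows the MIT-9 caveat: when the source string fills the destination
 * exactly, strncpy() writes no terminator. Returns 1 if dst was left
 * without a NUL byte, 0 otherwise. Sample data is constructed. */
int strncpy_left_unterminated(void)
{
    const char *src = "ABCDEFGH";      /* 8 characters plus terminator */
    char dst[8];                       /* room for 8 bytes only */

    memset(dst, 'x', sizeof dst);
    strncpy(dst, src, sizeof dst);     /* copies 8 bytes, no NUL added */
    return memchr(dst, '\0', sizeof dst) == NULL;
}

/* Hypothetical bounded copy (not a standard or library function).
 * Copies src into dst, which holds dst_size bytes, checking the bound on
 * every iteration and always NUL-terminating.
 * Returns 0 on a complete copy, 1 if src was truncated, -1 on bad input. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n = 0;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;

    /* Reserve the last byte of dst for the terminator. */
    while (n < dst_size - 1 && src[n] != '\0') {
        dst[n] = src[n];
        n++;
    }
    dst[n] = '\0';
    return src[n] == '\0' ? 0 : 1;     /* report truncation to the caller */
}

int main(void)
{
    char buf[8];
    int rc = bounded_copy(buf, sizeof buf, "ABCDEFGH");

    printf("strncpy unterminated: %d\n", strncpy_left_unterminated());
    printf("bounded_copy rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

Returning a truncation status lets the caller reject over-long input instead of silently processing a shortened string.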

No CAPEC attack patterns related to this CWE.
