CVE-2024-7756

Description

A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell.

CVSS breakdown

CVSS 3.1

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Lenovo / 10w (Type 82ST, 82SU) Laptop (Lenovo) BIOS0 – JSCN28WW
Lenovo / L390 (type 20NR, 20NS) Laptops (ThinkPad) BIOS0 – 1.47
Lenovo / L390 Yoga (type 20NT, 20NU) Laptops (ThinkPad) BIOS0 – 1.47

References

MISChttps://support.lenovo.com/us/en/product_security/LEN-165524