CVE-2024-45105

EUVD-2024-41310
An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
lenovothinkagile_hx5530_firmware
𝑥
< afe130c
ADP
lenovothinkedge_se450__firmware
𝑥
< cme116d
ADP
lenovothinkedge_se350_v2_firmware
𝑥
< iye110f
ADP
lenovothinksystem_st250_v3_firmware
𝑥
< cte110i
ADP
lenovothinkagile_hx3375_firmware
𝑥
< d8e138d
ADP
lenovothinksystem_sr950_v3_firmware
𝑥
< ebe108h
ADP
lenovothinkagile_hx650_v3_firmware
𝑥
< ese126h
ADP
lenovothinksystem_sd530_v3_firmware
𝑥
< fne118d
ADP
lenovothinkagile_hx645_v3_integrated_system_firmware
𝑥
< kae120j
ADP
lenovothinksystem_sr850_v2_firmware
𝑥
< m5e128i
ADP
lenovothinkedge_se455_v3_firmware
𝑥
< mbe110h
ADP
lenovothinksystem_sd665_v3_firmware
𝑥
< qge124h
ADP
lenovothinksystem_sr850_v3_firmware
𝑥
< rse110h
ADP
lenovothinksystem_sr250_v2_firmware
𝑥
< tqe116c
ADP
lenovothinksystem_sd630_v2_firmware
𝑥
< u8e128l
ADP
lenovothinksystem_sd650_v3_firmware
𝑥
< use130g
ADP
Common Weakness Enumeration
References
https://support.lenovo.com/us/en/product_security/LEN-165524