Lenovo has pointed out a number of vulnerabilities in the BIOS of the ThinkPad X13s in a security announcement. These allow memory corruption and information disclosure. A BIOS update is available to close the vulnerabilities.
Lenovo lists the following vulnerabilities that allow memory corruption and information disclosure in
this security advisory.
- CVE-2022-40516
- CVE-2022-40517
- CVE-2022-40518
- CVE-2022-40519
- CVE-2022-40520
- CVE-2022-4432
- CVE-2022-4433
- CVE-2022-4434
- CVE-2022-4435
Lenovo states the following impact of these vulnerabilities:
- CVE-2022-40516, CVE-2022-40517, CVE-2022-40520: Qualcomm reported several stack-based buffer overflow vulnerabilities in Qualcomm BIOS that could allow a local attacker with elevated privileges to cause memory corruption.
- CVE-2022-40518, CVE-2022-40519: Qualcomm reported several buffer over-read vulnerabilities in Qualcomm BIOS that could allow a local attacker with elevated privileges to cause information disclosure.
- CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, CVE-2022-4435: Several buffer over-read vulnerabilities were reported in ThinkPad X13s BIOS that could allow a local attacker with elevated privileges to cause information disclosure.
To close the vulnerabilities, a ThinkPad X13s BIOS update to
version 1.47 (N3HET75W) or newer should be performed.
