WID-SEC-W-2026-0134

Vulnerability from csaf_certbund - Published: 2026-01-15 23:00 - Updated: 2026-01-15 23:00
Summary
Lenovo BIOS: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Das BIOS ist die Firmware bei IBM PC kompatiblen Computern.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in Lenovo BIOS ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Daten zu verändern oder Secure-Boot-Schutzmaßnahmen zu umgehen.
Betroffene Betriebssysteme: - BIOS/Firmware
CVE-2025-47348
Affected products
Product Identifier Version Remediation
Lenovo BIOS
Lenovo / BIOS
 cpe:/h:lenovo:bios:-
CVE-2026-0421
Affected products
Product Identifier Version Remediation
Lenovo BIOS
Lenovo / BIOS
 cpe:/h:lenovo:bios:-
Lenovo BIOS L16 Gen 2 ThinkPads
Lenovo / BIOS
 cpe:/h:lenovo:bios:l16_gen_2_thinkpads L16 Gen 2 ThinkPads
Lenovo BIOS L14 Gen 6
Lenovo / BIOS
 cpe:/h:lenovo:bios:l14_gen_6 L14 Gen 6
Lenovo BIOS L13 Gen 6 2-in-1
Lenovo / BIOS
 cpe:/h:lenovo:bios:l13_gen_6_2-in-1 L13 Gen 6 2-in-1
Lenovo BIOS L13 Gen 6
Lenovo / BIOS
 cpe:/h:lenovo:bios:l13_gen_6 L13 Gen 6
References
To clipboard 

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das BIOS ist die Firmware bei IBM PC kompatiblen Computern.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Lenovo BIOS ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Daten zu ver\u00e4ndern oder Secure-Boot-Schutzma\u00dfnahmen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0134 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0134.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0134 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0134"
      },
      {
        "category": "external",
        "summary": "Lenovo Security Advisory vom 2026-01-15",
        "url": "https://support.lenovo.com/us/en/product_security/LEN-210688"
      }
    ],
    "source_lang": "en-US",
    "title": "Lenovo BIOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-01-15T23:00:00.000+00:00",
      "generator": {
        "date": "2026-01-16T11:15:57.253+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0134",
      "initial_release_date": "2026-01-15T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-01-15T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "L13 Gen 6",
                "product": {
                  "name": "Lenovo BIOS L13 Gen 6",
                  "product_id": "T050057",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:lenovo:bios:l13_gen_6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "L13 Gen 6 2-in-1",
                "product": {
                  "name": "Lenovo BIOS L13 Gen 6 2-in-1",
                  "product_id": "T050058",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:lenovo:bios:l13_gen_6_2-in-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "L14 Gen 6",
                "product": {
                  "name": "Lenovo BIOS L14 Gen 6",
                  "product_id": "T050059",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:lenovo:bios:l14_gen_6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "L16 Gen 2 ThinkPads",
                "product": {
                  "name": "Lenovo BIOS L16 Gen 2 ThinkPads",
                  "product_id": "T050060",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:lenovo:bios:l16_gen_2_thinkpads"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Lenovo BIOS",
                "product": {
                  "name": "Lenovo BIOS",
                  "product_id": "T050061",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:lenovo:bios:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "BIOS"
          }
        ],
        "category": "vendor",
        "name": "Lenovo"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-47348",
      "product_status": {
        "known_affected": [
          "T050061"
        ]
      },
      "release_date": "2026-01-15T23:00:00.000+00:00",
      "title": "CVE-2025-47348"
    },
    {
      "cve": "CVE-2026-0421",
      "product_status": {
        "known_affected": [
          "T050061",
          "T050060",
          "T050059",
          "T050058",
          "T050057"
        ]
      },
      "release_date": "2026-01-15T23:00:00.000+00:00",
      "title": "CVE-2026-0421"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.