Insyde's Security Pledge

Vulnerabilities in the OEM specific feature.

CVSS Vector: See in Description

Following vulnerabilities were identified in the code developed specifically for Lenovo. Please visit “Lenovo Product Security Advisories and Announcements” webpage for more information about the vulnerabilities. https://support.lenovo.com/us/en/product_security/home

1. CVE-2025-4421
CVSS: 8.2; CVSS v3.1: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description: EfiSmiServices: gEfiSmmCpuProtocol, SMM memory corruption vulnerabilities in SMM module
(CWE-787: Out-of-bounds Write)

2. CVE-2025-4422
CVSS: 8.2; CVSS v3.1: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description: EfiSmiServices : EfiPcdProtocol, SMM memory corruption vulnerabilities in SMM module
(CWE-787: Out-of-bounds Write)

3. CVE-2025-4423
CVSS: 8.2; CVSS v3.1: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description: SetupAutomationSmm:Vulnerability in the SMM module allow attacker to write arbitrary code and lead to memory corruption
(CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer)

4. CVE-2025-4424
CVSS: 6.0; CVSS v3.1: AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
Description: SetupAutomationSmm : Arbitrary calls to SmmSetVariable with unsanitised arguments in SMI handler
(CWE-20: Improper Input Validation)

5. CVE-2025-4425
CVSS: 8.2; CVSS v3.1: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description: SetupAutomationSmm: Stack overflow vulnerability in SMI handler
(CWE-121: Stack-based Buffer Overflow)

6. CVE-2025-4426
CVSS: 6.0; CVSS v3.1: AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
Description: SetupAutomationSmm : SMRAM memory contents leak / information disclosure vulnerability in SMM module
(CWE-200: Exposure of Sensitive Information to an Unauthorized Actor)

Lenovo feature: Version L05.05.40.011803.172079

Thanks to the BINARLY Research team and 3rd party researchers for reporting the vulnerabilities and engaging in this coordinated disclosure.