Browse all 56 CVE security advisories affecting Lenovo Group Ltd. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Lenovo Group Ltd. operates as a global technology manufacturer, primarily producing personal computers, servers, and mobile devices for enterprise and consumer markets. Security audits reveal 56 recorded Common Vulnerabilities and Exposures (CVEs), predominantly involving remote code execution, cross-site scripting, and privilege escalation flaws within embedded firmware and management utilities. These vulnerabilities often stem from legacy codebases in BIOS/UEFI implementations and third-party components integrated into hardware management suites. Notable incidents include critical firmware vulnerabilities allowing unauthorized hardware control, though the company has generally responded with timely patches. The attack surface is largely concentrated in out-of-band management interfaces and pre-boot environments, reflecting the complexity of modern hardware-software integration. While no massive data breaches have been publicly attributed directly to Lenovo’s core infrastructure, the high volume of firmware-related CVEs highlights ongoing challenges in securing low-level system components against sophisticated threat actors targeting supply chain integrity.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2017-3754 | Security vulnerability in the BIOS of multiple Lenovo products — Lenovo Notebook BIOS | 6.7 | - | 2017-07-17 |
| CVE-2017-3742 | Lenovo Connect2 security vulnerability — Lenovo Connect2 | 4.8 | - | 2017-07-17 |
| CVE-2017-3750 | Permissions and access control vulnerability in multiple Lenovo VIBE phones — Lenovo Vibe and Lenovo China-only Moto Mobile Phones | 6.4 | - | 2017-06-29 |
| CVE-2017-3749 | Permissions and access control vulnerability in multiple Lenovo VIBE phones — Lenovo Vibe and Lenovo China-only Moto Mobile Phones | 6.4 | - | 2017-06-29 |
| CVE-2017-3748 | Permissions and access control vulnerability in multiple Lenovo VIBE phones — Lenovo Vibe and Lenovo China-only Moto Mobile Phones | 7.8 | - | 2017-06-29 |
| CVE-2017-3747 | Security vulnerability in Nerve Center for Windows 10 on multiple Lenovo products — Lenovo Nerve Center | 5.5 | - | 2017-06-29 |
| CVE-2017-3744 | Lenovo System x IMM2 firmware security vulnerability — Lenovo System x IMM2 | 7.5 | - | 2017-06-20 |
| CVE-2017-3743 | Security vulnerability in multiple Lenovo products — ToolsCenter | 7.5 | - | 2017-06-20 |
| CVE-2017-3745 | Lenovo XClarity Administrator information disclosure vulnerability — XClarity Administrator | 7.8 | - | 2017-06-20 |
| CVE-2017-3741 | Lenovo ThinkPad X1 Carbon Power Management driver permissions and access control vulnerability — Power Management Driver | 3.3 | - | 2017-06-03 |
| CVE-2017-3740 | Lenovo ThinkPad Active Protection System permissions and access control vulnerability — Active Protection System | 5.5 | - | 2017-06-03 |
| CVE-2016-8228 | Lenovo Service Bridge security vulnerability — Service Bridge | 7.8 | - | 2017-06-03 |
| CVE-2016-8229 | Lenovo Service Bridge cross-site request forgery vulnerability — Service Bridge | 8.8 | - | 2017-06-03 |
| CVE-2016-8230 | Lenovo Service Bridge security vulnerability — Service Bridge | 7.5 | - | 2017-06-03 |
| CVE-2016-8231 | Lenovo Service Bridge security vulnerability — Service Bridge | 7.5 | - | 2017-06-03 |
| CVE-2016-8237 | Lenovo Updates permissions and access control vulnerability — Lenovo Updates | 8.1 | - | 2017-04-10 |
| CVE-2016-8235 | Lenovo Customer Care Software Development Kit permissions and access control vulnerability — Customer Care Software Development Kit (CCSDK) | 7.8 | - | 2017-04-10 |
| CVE-2016-8236 | Security vulnerability in Lenovo ThinkServer System Manager on multiple Lenovo products — ThinkServer RD350, RD450, RD550, RD650, TD350 | 7.5 | - | 2017-03-03 |
| CVE-2016-8233 | Lenovo XClarity Administrator information disclosure vulnerability — XClarity Administrator | 8.4 | - | 2017-03-01 |
| CVE-2016-8227 | Security vulnerability in the Transition application on multiple Lenovo products — Transition application | 7.8 | - | 2017-01-26 |
| CVE-2016-8226 | Security vulnerability in the BIOS of multiple Lenovo products — System X M5, M6, and X6 BIOS | 4.9 | - | 2017-01-26 |
| CVE-2016-8225 | Security vulnerability in the Lenovo Edge USB Keyboard driver on multiple Lenovo products — Edge and Slim USB Keyboard Driver | 7.8 | - | 2017-01-26 |
| CVE-2016-8221 | Lenovo XClarity Administrator security vulnerability — XClarity Administrator (LXCA) | 7.5 | - | 2017-01-12 |
| CVE-2016-8222 | Security bypass vulnerability in multiple Lenovo ThinkPad products — ThinkPad systems | 6.0 | - | 2016-11-30 |
| CVE-2016-8224 | Lenovo Notebook and ThinkServer security vulnerability — Lenovo Notebook models 110-14IBR/110-15IBR, B70-80, E31-80, E40-80, E41-80, E51-80, G40-80, G50-80, G50-80 Touch, Ideapad 300-14IBR/300-15IBR, Ideapad 300-14ISK/300-15ISK/300-17ISK, Ideapad 510S-12ISK, K21-80, K41-80, MIIX 710-12IKB, XiaoXin Air 12, YOGA 510-14ISK/510-15ISK, YOGA 710-11IKB, Yoga 710-11ISK, Yoga 900-13ISK, YOGA 900S-12ISK; ThinkServer models ThinkServer TS150, ThinkServer TS450 | 6.7 | - | 2016-11-29 |
| CVE-2016-8223 | Lenovo System Interface Foundation privilege escalation vulnerability — All ThinkPad, ThinkCentre, ThinkStation and Lenovo-branded systems preloaded with the Windows 10 operating system, or any system running Lenovo Companion, Lenovo Settings, or Lenovo ID. | 7.8 | - | 2016-11-29 |
This page lists every published CVE security advisory associated with Lenovo Group Ltd. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.