Security vulnerabilities have been identified that affect the BIOS software of Lenovo ThinkPad X13s model devices and may cause threat actors to execute code remotely on the affected system and access sensitive data of the local user. (Reference Link)
The details of the identified vulnerabilities are as follows;
The vulnerabilities tracked as CVE-2022-40516, CVE-2022-40517, and CVE-2022-40520, are stack-based buffer overflow security vulnerabilities that could allow a local threat actor with elevated privileges to cause memory corruption in the Qualcomm BIOS.
The vulnerabilities, tracked as CVE-2022-40518 and CVE-2022-40519 in the Qualcomm BIOS, allow a local threat actor with elevated privileges to access memory contents.
The vulnerabilities tracked as CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435, which are in the ThinkPad X13s BIOS, allow a local threat actor with elevated privileges to access memory contents.
These vulnerabilities affect versions before ThinkPad X13s BIOS 1.47. To avoid being the target of attacks that can be carried out using vulnerabilities, it is recommended to upgrade to current versions that fix the vulnerability.