A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.