A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.
Credits
Lenovo would like to thank Alex Matrosov and Alexandre Gazet for reporting this issue.
