A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.
Credits
Lenovo thanks Enrique Nissim, Joseph Tartaro and Krzysztof Okupski from IOActive for reporting this issue.
