Lenovo System Update
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Lenovo System Update.
By the Year
In 2026 there have been 0 vulnerabilities in Lenovo System Update. System Update did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 2 | 7.40 |
| 2022 | 1 | 7.80 |
| 2021 | 0 | 0.00 |
| 2020 | 2 | 7.30 |
| 2019 | 1 | 7.50 |
| 2018 | 1 | 7.80 |
It may take a day or so for new System Update vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Lenovo System Update Security Vulnerabilities
Lenovo System Update Search Path CVE-2023-4632 Enables Local Priv Escalation
CVE-2023-4632
7.8 - High
- November 08, 2023
An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.
Privilege Escalation via Directory Permissions in Lenovo System Update
CVE-2022-4568
7 - High
- May 01, 2023
A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
Incorrect Default Permissions
A vulnerability was reported in Lenovo System Update
CVE-2022-0354
7.8 - High
- April 22, 2022
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.
A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106
CVE-2020-8342
7.3 - High
- September 15, 2020
A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.
TOCTTOU
A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version
CVE-2020-8318
7.3 - High
- April 14, 2020
A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges.
A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088
CVE-2019-6175
7.5 - High
- September 26, 2019
A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations.
MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password
CVE-2018-9063
7.8 - High
- May 04, 2018
MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv.
Buffer Overflow
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Lenovo System Update or by Lenovo? Click the Watch button to subscribe.
