7.8
CVE-2022-1890
- EPSS 0.04%
- Veröffentlicht 26.01.2023 21:15:24
- Zuletzt bearbeitet 21.11.2024 06:41:41
- Quelle psirt@lenovo.com
- Teams Watchlist Login
- Unerledigt Login
A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lenovo ≫ Thinkbook 14-iml Firmware Version < cjcn38ww
Lenovo ≫ Thinkbook 14-iil Firmware Version < djcn28ww
Lenovo ≫ Thinkbook 15-iil Firmware Version < djcn28ww
Lenovo ≫ Thinkbook 15-iml Firmware Version < cjcn38ww
Lenovo ≫ Yoga C640-13iml Lte Firmware Version < chcn28ww
Lenovo ≫ Yoga C640-13iml Firmware Version < chcn28ww
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Typ | Quelle | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.04% | 0.095 |
Quelle | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
psirt@lenovo.com | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.