CVE-2022-1892

EPSS 0.04%
Published 26.01.2023 21:15:25
Last modified 21.11.2024 06:41:41
Source psirt@lenovo.com
Teams watchlist Login
Open Login

A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Lenovo ≫ 100e 2nd Gen Firmware Version < frcn23ww

Lenovo ≫ 100e 2nd Gen Version-

Lenovo ≫ 100w Gen 3 Firmware Version < gacn38ww

Lenovo ≫ 100w Gen 3 Version-

Lenovo ≫ 13w Yoga Firmware Version < jacn31ww

Lenovo ≫ 13w Yoga Version-

Lenovo ≫ 14w Gen 2 Firmware Version < h0cn21ww

Lenovo ≫ 14w Gen 2 Version-

Lenovo ≫ 300e 2nd Gen Firmware Version < frcn23ww

Lenovo ≫ 300e 2nd Gen Version-

Lenovo ≫ 300w Gen 3 Firmware Version < gacn38ww

Lenovo ≫ 300w Gen 3 Version-

Lenovo ≫ 500w Gen 3 Firmware Version < g6cn40ww

Lenovo ≫ 500w Gen 3 Version-

Lenovo ≫ 730s-13iml Firmware Version < brcn20ww

Lenovo ≫ 730s-13iml Version-

Lenovo ≫ Flex 3-11ada05 Firmware Version < fpcn26ww

Lenovo ≫ Flex 3-11ada05 Version-

Lenovo ≫ Flex 5-14alc05 Firmware Version < gjcn27ww

Lenovo ≫ Flex 5-14alc05 Version-

Lenovo ≫ Flex 5-14are05 Firmware Version < eecn39ww

Lenovo ≫ Flex 5-14are05 Version-

Lenovo ≫ Flex 5-14iil05 Firmware Version < eecn40ww

Lenovo ≫ Flex 5-14iil05 Version-

Lenovo ≫ Flex 5-14itl05 Firmware Version < fxcn38ww

Lenovo ≫ Flex 5-14itl05 Version-

Lenovo ≫ Flex 5-15alc05 Firmware Version < gjcn27ww

Lenovo ≫ Flex 5-15alc05 Version-

Lenovo ≫ Flex 5-15iil05 Firmware Version < eccn40ww

Lenovo ≫ Flex 5-15iil05 Version-

Lenovo ≫ Flex 5-15itl05 Firmware Version < fxcn38ww

Lenovo ≫ Flex 5-15itl05 Version-

Lenovo ≫ Ideapad 1-11ada05 Firmware Version < fqcn26ww

Lenovo ≫ Ideapad 1-11ada05 Version-

Lenovo ≫ Ideapad 1-11igl05 Firmware Version < dwcn24ww

Lenovo ≫ Ideapad 1-11igl05 Version-

Lenovo ≫ Ideapad 1-14ada05 Firmware Version < fqcn26ww

Lenovo ≫ Ideapad 1-14ada05 Version-

Lenovo ≫ Ideapad 1-14igl05 Firmware Version < dwcn24ww

Lenovo ≫ Ideapad 1-14igl05 Version-

Lenovo ≫ Ideapad 3-15ada05 Firmware Version < e8cn36ww

Lenovo ≫ Ideapad 3-15ada05 Version-

Lenovo ≫ Ideapad 3-14ada05 Firmware Version < e8cn36ww

Lenovo ≫ Ideapad 3-14ada05 Version-

Lenovo ≫ Ideapad 3-14ada6 Firmware Version < hbcn24ww

Lenovo ≫ Ideapad 3-14ada6 Version-

Lenovo ≫ Ideapad 3-14alc6 Firmware Version < glcn48ww

Lenovo ≫ Ideapad 3-14alc6 Version-

Lenovo ≫ Ideapad 3-15ada6 Firmware Version < hbcn24ww

Lenovo ≫ Ideapad 3-15ada6 Version-

Lenovo ≫ Ideapad 3-15alc6 Firmware Version < glcn48ww

Lenovo ≫ Ideapad 3-15alc6 Version-

Lenovo ≫ Ideapad 3-17alc6 Firmware Version < e8cn36ww

Lenovo ≫ Ideapad 3-17alc6 Version-

Lenovo ≫ Ideapad 3-17ada05 Firmware Version < hbcn24ww

Lenovo ≫ Ideapad 3-17ada05 Version-

Lenovo ≫ Ideapad 3-17ada6 Firmware Version < glcn48ww

Lenovo ≫ Ideapad 3-17ada6 Version-

Lenovo ≫ Ideapad 5 15aba7 Firmware Version < kacn14ww

Lenovo ≫ Ideapad 5 15aba7 Version-

Lenovo ≫ Ideapad Flex 5 14alc7 Firmware Version < jccn29ww

Lenovo ≫ Ideapad Flex 5 14alc7 Version-

Lenovo ≫ Ideapad Flex 5 16alc7 Firmware Version < jccn29ww

Lenovo ≫ Ideapad Flex 5 16alc7 Version-

Lenovo ≫ Legion S7-15imh5 Firmware Version < hacn37ww

Lenovo ≫ Legion S7-15imh5 Version-

Lenovo ≫ Legion S7-15ach6 Firmware Version < g1cn27ww

Lenovo ≫ Legion S7-15ach6 Version-

Lenovo ≫ Legion S7-15arh5 Firmware Version < fdcn40ww

Lenovo ≫ Legion S7-15arh5 Version-

Lenovo ≫ S145-14api Firmware Version < bucn33ww

Lenovo ≫ S145-14api Version-

Lenovo ≫ S145-14ast Firmware Version < aycn28ww

Lenovo ≫ S145-14ast Version-

Lenovo ≫ S145-15api Firmware Version < bucn33ww

Lenovo ≫ S145-15api Version-

Lenovo ≫ S145-15ast Firmware Version < aycn28ww

Lenovo ≫ S145-15ast Version-

Lenovo ≫ S540-13api Firmware Version < cxcn36ww

Lenovo ≫ S540-13api Version-

Lenovo ≫ Ideapad S940-14iil Firmware Version < bqcn34ww

Lenovo ≫ Ideapad S940-14iil Version-

Lenovo ≫ Yoga S940-14iil Firmware Version < bqcn34ww

Lenovo ≫ Yoga S940-14iil Version-

Lenovo ≫ Ideapad Slim 1-14ast-05 Firmware Version < cwcn25ww

Lenovo ≫ Ideapad Slim 1-14ast-05 Version-

Lenovo ≫ Ideapad Slim 1-11ast-05 Firmware Version < cwcn25ww

Lenovo ≫ Ideapad Slim 1-11ast-05 Version-

Lenovo ≫ Thinkbook 13s G3 Acn Firmware Version < gmcn29ww

Lenovo ≫ Thinkbook 13s G3 Acn Version-

Lenovo ≫ Thinkbook 13s G2 Are Firmware Version < fvcn24ww

Lenovo ≫ Thinkbook 13s G2 Are Version-

Lenovo ≫ Thinkbook 13s G2 Itl Firmware Version < f9cn50ww

Lenovo ≫ Thinkbook 13s G2 Itl Version-

Lenovo ≫ Thinkbook 13s-iml Firmware Version < cqcn37ww

Lenovo ≫ Thinkbook 13s-iml Version-

Lenovo ≫ Thinkbook 14-iil Firmware Version < djcn28ww

Lenovo ≫ Thinkbook 14-iil Version-

Lenovo ≫ Thinkbook 14-iml Firmware Version < cjcn38ww

Lenovo ≫ Thinkbook 14-iml Version-

Lenovo ≫ Thinkbook 14p G2 Ach Firmware Version < gwcn41ww

Lenovo ≫ Thinkbook 14p G2 Ach Version-

Lenovo ≫ Thinkbook 14s G2 Itl Firmware Version < f9cn50ww

Lenovo ≫ Thinkbook 14s G2 Itl Version-

Lenovo ≫ Thinkbook 14s-iml Firmware Version < cqcn37ww

Lenovo ≫ Thinkbook 14s-iml Version-

Lenovo ≫ Thinkbook 15-iil Firmware Version < djcn28ww

Lenovo ≫ Thinkbook 15-iil Version-

Lenovo ≫ Thinkbook 15-iml Firmware Version < cjcn38ww

Lenovo ≫ Thinkbook 15-iml Version-

Lenovo ≫ Thinkbook 16p G2 Ach Firmware Version < gxcn42ww

Lenovo ≫ Thinkbook 16p G2 Ach Version-

Lenovo ≫ V130-15ikb Firmware Version < 8vcn31ww

Lenovo ≫ V130-15ikb Version-

Lenovo ≫ V14 G2-alc Firmware Version < glcn48ww

Lenovo ≫ V14 G2-alc Version-

Lenovo ≫ V14-ada Firmware Version < e8cn36ww

Lenovo ≫ V14-ada Version-

Lenovo ≫ V15 G2-alc Firmware Version < glcn48ww

Lenovo ≫ V15 G2-alc Version-

Lenovo ≫ V15-ada Firmware Version < e8cn36ww

Lenovo ≫ V15-ada Version-

Lenovo ≫ Yoga 9-15imh5 Firmware Version < epcn28ww

Lenovo ≫ Yoga 9-15imh5 Version-

Lenovo ≫ Yoga C640-13iml Firmware Version < chcn28ww

Lenovo ≫ Yoga C640-13iml Version-

Lenovo ≫ Yoga C640-13iml Lte Firmware Version < chcn28ww

Lenovo ≫ Yoga C640-13iml Lte Version-

Lenovo ≫ Yoga C940-15irh Firmware Version < bscn37ww

Lenovo ≫ Yoga C940-15irh Version-

Lenovo ≫ Yoga S730-13iml Firmware Version < brcn20ww

Lenovo ≫ Yoga S730-13iml Version-

Lenovo ≫ Yoga S940-14iil Firmware Version < bqcn34ww

Lenovo ≫ Yoga S940-14iil Version-

Lenovo ≫ Yoga Slim 7 Pro-14ach5 Firmware Version < gzcn29ww

Lenovo ≫ Yoga Slim 7 Pro-14ach5 Version-

Lenovo ≫ Yoga Slim 7 Pro-14ach5 O Firmware Version < gzcn29ww

Lenovo ≫ Yoga Slim 7 Pro-14ach5 O Version-

Lenovo ≫ Yoga Slim 7 Pro-14arh5 Firmware Version < gzcn24ww

Lenovo ≫ Yoga Slim 7 Pro-14arh5 Version-

Lenovo ≫ Ideapad 5-15alc05 Firmware Version < h2cn27ww

Lenovo ≫ Ideapad 5-15alc05 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.095

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@lenovo.com	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

https://support.lenovo.com/us/en/product_security/LEN-91369

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-1892

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1892

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1892

EUVD