6.7

CVE-2022-3742

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LenovoIdeapad 1 14iau7 Firmware Version < jkcn34ww
   LenovoIdeapad 1 14iau7 Version-
LenovoIdeapad 1 14igl7 Firmware Version < kkcn15ww
   LenovoIdeapad 1 14igl7 Version-
LenovoIdeapad 1 15iau7 Firmware Version < jkcn34ww
   LenovoIdeapad 1 15iau7 Version-
LenovoIdeapad 1 15igl7 Firmware Version < kkcn15ww
   LenovoIdeapad 1 15igl7 Version-
LenovoIdeapad 1-14ijl7 Firmware Version < htcn31ww
   LenovoIdeapad 1-14ijl7 Version-
LenovoIdeapad 1-15ijl7 Firmware Version < htcn31ww
   LenovoIdeapad 1-15ijl7 Version-
LenovoIdeapad 3 14iau7 Firmware Version < jkcn34ww
   LenovoIdeapad 3 14iau7 Version-
LenovoIdeapad 3 15iau7 Firmware Version < jkcn34ww
   LenovoIdeapad 3 15iau7 Version-
LenovoIdeapad 3 17iau7 Firmware Version < jkcn34ww
   LenovoIdeapad 3 17iau7 Version-
LenovoIdeapad 3-15igl05 Firmware Version < dvcn28ww
   LenovoIdeapad 3-15igl05 Version-
LenovoIdeapad 3-17iil05 Firmware Version < emcn56ww
   LenovoIdeapad 3-17iil05 Version-
LenovoIdeapad 3-17itl6 Firmware Version < ggcn51ww
   LenovoIdeapad 3-17itl6 Version-
LenovoIdeapad 5 15ial7 Firmware Version < jbcn27ww
   LenovoIdeapad 5 15ial7 Version-
LenovoIdeapad 5-15itl05 Firmware Version < fhcn70ww
   LenovoIdeapad 5-15itl05 Version-
LenovoL3-15iml05 Firmware Version < ejcn30ww
   LenovoL3-15iml05 Version-
LenovoL3-15itl6 Firmware Version < gfcn29ww
   LenovoL3-15itl6 Version-
LenovoLegion 5 15iah7 Firmware Version < j2cn49ww
   LenovoLegion 5 15iah7 Version-
LenovoLegion 5 15iah7h Firmware Version < j2cn49ww
   LenovoLegion 5 15iah7h Version-
LenovoLegion 5 Pro 16iah7 Firmware Version < j2cn49ww
   LenovoLegion 5 Pro 16iah7 Version-
LenovoLegion 5 Pro 16iah7h Firmware Version < j2cn49ww
   LenovoLegion 5 Pro 16iah7h Version-
LenovoLegion 5 Pro-16ith6 Firmware Version < h1cn52ww
   LenovoLegion 5 Pro-16ith6 Version-
LenovoLegion 5 Pro-16ith6h Firmware Version < h1cn52ww
   LenovoLegion 5 Pro-16ith6h Version-
LenovoLegion 5-15imh05 Firmware Version < efcn58ww
   LenovoLegion 5-15imh05 Version-
LenovoLegion 5-15imh05h Firmware Version < efcn58ww
   LenovoLegion 5-15imh05h Version-
LenovoLegion 5-15imh6 Firmware Version < g8cn22ww
   LenovoLegion 5-15imh6 Version-
LenovoLegion 5-15ith6 Firmware Version < h1cn52ww
   LenovoLegion 5-15ith6 Version-
LenovoLegion 5-15ith6h Firmware Version < h1cn52ww
   LenovoLegion 5-15ith6h Version-
LenovoLegion 5-17imh05 Firmware Version < efcn58ww
   LenovoLegion 5-17imh05 Version-
LenovoLegion 5-17imh05h Firmware Version < efcn58ww
   LenovoLegion 5-17imh05h Version-
LenovoLegion 5-17ith6 Firmware Version < h1cn52ww
   LenovoLegion 5-17ith6 Version-
LenovoLegion 5-17ith6h Firmware Version < h1cn52ww
   LenovoLegion 5-17ith6h Version-
LenovoLegion 5p-15imh05 Firmware Version < efcn58ww
   LenovoLegion 5p-15imh05 Version-
LenovoLegion 5p-15imh05h Firmware Version < efcn58ww
   LenovoLegion 5p-15imh05h Version-
LenovoLegion 7 16iax7 Firmware Version < k1cn40ww
   LenovoLegion 7 16iax7 Version-
LenovoLegion 7-16ithg6 Firmware Version < h1cn52ww
   LenovoLegion 7-16ithg6 Version-
LenovoS14 G2 Itl Firmware Version < ggcn51ww
   LenovoS14 G2 Itl Version-
LenovoS14 G3 Iap Firmware Version < jkcn34ww
   LenovoS14 G3 Iap Version-
LenovoSlim 7 14iap7 Firmware Version < jhcn28ww
   LenovoSlim 7 14iap7 Version-
LenovoSlim 7 Carbon 13iap7 Firmware Version < k2cn34ww
   LenovoSlim 7 Carbon 13iap7 Version-
LenovoSlim 7 Prox 14iah7 Firmware Version < hmcn41ww
   LenovoSlim 7 Prox 14iah7 Version-
LenovoSlim 9 14iap7 Firmware Version < j3cn49ww
   LenovoSlim 9 14iap7 Version-
LenovoThinkbook 15p Imh Firmware Version < f6cn26ww
   LenovoThinkbook 15p Imh Version-
LenovoV14 G2 Ijl Firmware Version < htcn31ww
   LenovoV14 G2 Ijl Version-
LenovoV14 G3 Iap Firmware Version < jkcn34ww
   LenovoV14 G3 Iap Version-
LenovoV15 G2 Ijl Firmware Version < htcn31ww
   LenovoV15 G2 Ijl Version-
LenovoV15 G3 Iap Firmware Version < jkcn34ww
   LenovoV15 G3 Iap Version-
LenovoV17 G3 Iap Firmware Version < jkcn34ww
   LenovoV17 G3 Iap Version-
LenovoS540-13itl Firmware Version < fzcn26ww
   LenovoS540-13itl Version-
LenovoSlim 7 Pro-14ihu5 Firmware Version < fjcn74ww
   LenovoSlim 7 Pro-14ihu5 Version-
LenovoSlim 9-14itl05 Firmware Version < escn56ww
   LenovoSlim 9-14itl05 Version-
LenovoThinkbook 15p G2 Ith Firmware Version < hjcn32ww
   LenovoThinkbook 15p G2 Ith Version-
LenovoV14 G1-iml Firmware Version < dxcn44ww
   LenovoV14 G1-iml Version-
LenovoV14 G2-itl Firmware Version < ggcn51ww
   LenovoV14 G2-itl Version-
LenovoV14-igl Firmware Version < dvcn28ww
   LenovoV14-igl Version-
LenovoV15 G1-iml Firmware Version < dxcn44ww
   LenovoV15 G1-iml Version-
LenovoV15 G2-itl Firmware Version < ggcn51ww
   LenovoV15 G2-itl Version-
LenovoV15-igl Firmware Version < dvcn28ww
   LenovoV15-igl Version-
LenovoV17 G2-itl Firmware Version < ggcn51ww
   LenovoV17 G2-itl Version-
LenovoV17-iil Firmware Version < emcn56ww
   LenovoV17-iil Version-
LenovoYoga 7 14ial7 Firmware Version < j1cn35ww
   LenovoYoga 7 14ial7 Version-
LenovoYoga 7 16iah7 Firmware Version < j1cn35ww
   LenovoYoga 7 16iah7 Version-
LenovoYoga 7 16iap7 Firmware Version < j1cn35ww
   LenovoYoga 7 16iap7 Version-
LenovoYoga 7-14itl5 Firmware Version < f5cn59ww
   LenovoYoga 7-14itl5 Version-
LenovoYoga 7-15itl5 Firmware Version < f5cn59ww
   LenovoYoga 7-15itl5 Version-
LenovoYoga 9 14iap7 Firmware Version < hncn42ww
   LenovoYoga 9 14iap7 Version-
LenovoYoga Slim 7 Pro 14iah7 Firmware Version < krcn14ww
   LenovoYoga Slim 7 Pro 14iah7 Version-
LenovoYoga Slim 7 Pro 14iap7 Firmware Version < jhcn28ww
   LenovoYoga Slim 7 Pro 14iap7 Version-
LenovoYoga Slim 7 Pro-14ihu5 Firmware Version < fjcn74ww
   LenovoYoga Slim 7 Pro-14ihu5 Version-
LenovoYoga Slim 7 Pro-14ihu5 O Firmware Version < fjcn74ww
   LenovoYoga Slim 7 Pro-14ihu5 O Version-
LenovoYoga Slim 7 Pro-14itl5 Firmware Version < fjcn74ww
   LenovoYoga Slim 7 Pro-14itl5 Version-
LenovoYoga Slim 7 Prox 14iah7 Firmware Version < hmcn41ww
   LenovoYoga Slim 7 Prox 14iah7 Version-
LenovoYoga Slim 9 14iap7 Firmware Version < j3cn49ww
   LenovoYoga Slim 9 14iap7 Version-
LenovoYoga Slim 9-14itl05 Firmware Version < escn56ww
   LenovoYoga Slim 9-14itl05 Version-
LenovoIdeapad 3-14igl05 Firmware Version < dvcn28ww
   LenovoIdeapad 3-14igl05 Version-
LenovoIdeapad 3-14iil05 Firmware Version < emcn56ww
   LenovoIdeapad 3-14iil05 Version-
LenovoIdeapad 3-14iml05 Firmware Version < dxcn44ww
   LenovoIdeapad 3-14iml05 Version-
LenovoIdeapad 3-14itl05 Firmware Version < gccn32ww
   LenovoIdeapad 3-14itl05 Version-
LenovoIdeapad 3-14itl6 Firmware Version < ggcn51ww
   LenovoIdeapad 3-14itl6 Version-
LenovoIdeapad 3-15iil05 Firmware Version < emcn56ww
   LenovoIdeapad 3-15iil05 Version-
LenovoIdeapad 3-15iml05 Firmware Version < dxcn44ww
   LenovoIdeapad 3-15iml05 Version-
LenovoIdeapad 3-15itl05 Firmware Version < gccn32ww
   LenovoIdeapad 3-15itl05 Version-
LenovoIdeapad 3-15itl6 Firmware Version < ggcn51ww
   LenovoIdeapad 3-15itl6 Version-
LenovoIdeapad 3-17iml05 Firmware Version < dxcn44ww
   LenovoIdeapad 3-17iml05 Version-
LenovoIdeapad 5-15iil05 Firmware Version < dpcn58ww
   LenovoIdeapad 5-15iil05 Version-
LenovoIdeapad Gaming 3-15imh05 Firmware Version < egcn40ww
   LenovoIdeapad Gaming 3-15imh05 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.031
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
psirt@lenovo.com 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.