6.7
CVE-2022-4574
- EPSS 0.02%
- Published 30.10.2023 15:15:40
- Last modified 21.11.2024 07:35:31
- Source psirt@lenovo.com
- Teams watchlist Login
- Open Login
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
Data is provided by the National Vulnerability Database (NVD)
Lenovo ≫ Thinkpad X13 Yoga Gen 2 Firmware Version < 1.40
Lenovo ≫ Thinkpad X13 Yoga Gen 1 Firmware Version < 1.45
Lenovo ≫ Thinkpad X13 Gen 3 Firmware Version < 1.33
Lenovo ≫ Thinkpad X13 Gen 2 Firmware Version < 1.51
Lenovo ≫ Thinkpad X13 Firmware Version < 1.26
Lenovo ≫ Thinkpad X1 Yoga 7th Gen Firmware Version < 1.37
Lenovo ≫ Thinkpad X1 Yoga 6th Gen Firmware Version < 1.59
Lenovo ≫ Thinkpad X1 Yoga 5th Gen Firmware Version < 1.30
Lenovo ≫ Thinkpad X1 Yoga 4th Gen Firmware Version < 1.56
Lenovo ≫ Thinkpad X1 Titanium Firmware Version < 1.24
Lenovo ≫ Thinkpad X1 Nano Gen 2 Firmware Version < 1.18
Lenovo ≫ Thinkpad X1 Nano Gen 1 Firmware Version < 1.55
Lenovo ≫ Thinkpad X1 Fold Gen 1 Firmware Version-
Lenovo ≫ Thinkpad X1 Extreme Gen 5 Firmware Version < 1.16
Lenovo ≫ Thinkpad X1 Extreme 4th Gen Firmware Version < 1.22
Lenovo ≫ Thinkpad X1 Extreme 3rd Gen Firmware Version < 1.27
Lenovo ≫ Thinkpad X1 Carbon 9th Gen Firmware Version < 1.59
Lenovo ≫ Thinkpad X1 Carbon 8th Gen Firmware Version < 1.30
Lenovo ≫ Thinkpad X1 Carbon 7th Gen Firmware Version < 1.56
Lenovo ≫ Thinkpad X1 Carbon 10th Gen Firmware Version < 1.37
Lenovo ≫ Thinkpad T16 Gen 1 Firmware Version < 1.31
Lenovo ≫ Thinkpad T15p Gen 3 Firmware Version < 1.15
Lenovo ≫ Thinkpad T15p Gen 2 Firmware Version < 1.19
Lenovo ≫ Thinkpad T15p Gen 1 Firmware Version < 1.32
Lenovo ≫ Thinkpad T15g Gen 2 Firmware Version < 1.25
Lenovo ≫ Thinkpad T15g Gen 1 Firmware Version < 1.32
Lenovo ≫ Thinkpad T15 Gen 2 Firmware Version-
Lenovo ≫ Thinkpad T14s Gen 3 Firmware Version < 1.33
Lenovo ≫ Thinkpad T14s Gen 2 Firmware Version < 1.51
Lenovo ≫ Thinkpad T14s Firmware Version < 1.26
Lenovo ≫ Thinkpad T14 Gen 3 Firmware Version < 1.31
Lenovo ≫ Thinkpad T14 Gen 2 Firmware Version-
Lenovo ≫ Thinkpad T14 Gen 1 Firmware Version < 1.28
Lenovo ≫ Thinkpad P17 Gen 2 Firmware Version < 1.25
Lenovo ≫ Thinkpad P17 Gen 1 Firmware Version < 1.32
Lenovo ≫ Thinkpad P16s Gen 1 Firmware Version < 1.31
Lenovo ≫ Thinkpad P16 Gen 1 Firmware Version < 1.17
Lenovo ≫ Thinkpad P15v Gen 3 Firmware Version < 1.15
Lenovo ≫ Thinkpad P15v Gen 2 Firmware Version < 1.19
Lenovo ≫ Thinkpad P15v Gen 1 Firmware Version < 1.32
Lenovo ≫ Thinkpad P15s Gen 2 Firmware Version-
Lenovo ≫ Thinkpad P15s Gen 1 Firmware Version < 1.28
Lenovo ≫ Thinkpad P15 Gen 2 Firmware Version < 1.25
Lenovo ≫ Thinkpad P15 Gen 1 Firmware Version < 1.32
Lenovo ≫ Thinkpad P14s Gen 3 Firmware Version < 1.31
Lenovo ≫ Thinkpad P14s Gen 2 Firmware Version-
Lenovo ≫ Thinkpad P14s Gen 1 Firmware Version < 1.28
Lenovo ≫ Thinkpad P1 Gen 5 Firmware Version < 1.16
Lenovo ≫ Thinkpad P1 Gen 4 Firmware Version1.22
Lenovo ≫ Thinkpad P1 Gen 3 Firmware Version < 1.27
Lenovo ≫ Thinkpad L15 Gen 2 Firmware Version-
Lenovo ≫ Thinkpad L15 Firmware Version < 1.20
Lenovo ≫ Thinkpad L14 Gen 2 Firmware Version-
Lenovo ≫ Thinkpad L14 Firmware Version < 1.20
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.034 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| psirt@lenovo.com | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.