7.8

CVE-2022-48188

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.

Data provided by the National Vulnerability Database (NVD)
Lenovo Ideacentre Aio 3 21itl7 Firmware Version < o5akt33
   Lenovo Ideacentre Aio 3 21itl7 Version -
Lenovo Ideacentre Aio 3-22itl6 Firmware Version < o5akt33
   Lenovo Ideacentre Aio 3-22itl6 Version -
Lenovo Ideacentre Aio 3-24itl6 Firmware Version < o5akt33
   Lenovo Ideacentre Aio 3-24itl6 Version -
Lenovo Ideacentre Aio 3-27itl6 Firmware Version < o5akt33
   Lenovo Ideacentre Aio 3-27itl6 Version -
Lenovo Thinkcentre M720e Firmware Version < m1zkt40a
   Lenovo Thinkcentre M720e Version -
Lenovo Thinkcentre M720q Firmware Version < m1ukt70a
   Lenovo Thinkcentre M720q Version -
Lenovo Thinkcentre M720s Firmware Version < m1ukt70a
   Lenovo Thinkcentre M720s Version -
Lenovo Thinkcentre M720t Firmware Version < m1ukt70a
   Lenovo Thinkcentre M720t Version -
Lenovo Thinkcentre M725s Firmware Version < m25kt63a
   Lenovo Thinkcentre M725s Version -
Lenovo Thinkcentre M75s Gen 2 Firmware Version < m46kt30a
   Lenovo Thinkcentre M75s Gen 2 Version -
Lenovo Thinkcentre M75s Gen 2 Firmware Version < m3bkt30a
   Lenovo Thinkcentre M75s Gen 2 Version -
Lenovo Thinkcentre M75t Gen 2 Firmware Version < m46kt30a
   Lenovo Thinkcentre M75t Gen 2 Version -
Lenovo Thinkcentre M75t Gen 2 Firmware Version < m3akt4ca
   Lenovo Thinkcentre M75t Gen 2 Version -
Lenovo Thinkcentre M920q Firmware Version < m1ukt70a
   Lenovo Thinkcentre M920q Version -
Lenovo Thinkcentre M920s Firmware Version < m1ukt70a
   Lenovo Thinkcentre M920s Version -
Lenovo Thinkcentre M920t Firmware Version < m1ukt70a
   Lenovo Thinkcentre M920t Version -
Lenovo Thinkcentre M920x Firmware Version < m1ukt70a
   Lenovo Thinkcentre M920x Version -
Lenovo Thinkcentre M920z Firmware Version < m1mkt55a
   Lenovo Thinkcentre M920z Version -
Lenovo Ideacentre 510s-07icb Firmware Version < m22kt48a
   Lenovo Ideacentre 510s-07icb Version -
Lenovo Ideacentre 510s-07icb Firmware Version < m22kt49a
   Lenovo Ideacentre 510s-07icb Version -
Lenovo Ideacentre 510s-07ick Firmware Version < m30kt28a
   Lenovo Ideacentre 510s-07ick Version -
Lenovo Ideacentre 510s-07ick Firmware Version < m1zkt40a
   Lenovo Ideacentre 510s-07ick Version -
Lenovo Ideacentre 720-18apr Firmware Version < m25kt63a
   Lenovo Ideacentre 720-18apr Version -
Lenovo V30a-22itl Firmware Version < o5akt33
   Lenovo V30a-22itl Version -
Lenovo V30a-24itl Firmware Version < o5akt33
   Lenovo V30a-24itl Version -
Lenovo V530s-07icb Firmware Version < m22kt49a
   Lenovo V530s-07icb Version -
Lenovo V530s-07icr Firmware Version < m1zkt40a
   Lenovo V530s-07icr Version -
Lenovo Thinkstation P330 Tiny Firmware Version < m1ukt70a
   Lenovo Thinkstation P330 Tiny Version -
Lenovo Thinkstation P360 Ultra Firmware Version < s0fkt27a
   Lenovo Thinkstation P360 Ultra Version -
Lenovo Thinkstation P520 Firmware Version < s03kt58a
   Lenovo Thinkstation P520 Version -
Lenovo Thinkstation P520c Firmware Version < s03kt58a
   Lenovo Thinkstation P520c Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.058
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@lenovo.com 6.7 0.8 5.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.