CVE-2022-1891
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD
Description
A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
Affected (6)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
|  | Before cjcn38ww |

| Running on/with | Platform Versions |
|---|---|
| Lenovo Thinkbook 14 Iml | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
|  | Before djcn28ww |

| Running on/with | Platform Versions |
|---|---|
| Lenovo Thinkbook 14 Iil | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
|  | Before djcn28ww |

| Running on/with | Platform Versions |
|---|---|
| Lenovo Thinkbook 15 Iil | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
|  | Before cjcn38ww |

| Running on/with | Platform Versions |
|---|---|
| Lenovo Thinkbook 15 Iml | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
|  | Before chcn28ww |

| Running on/with | Platform Versions |
|---|---|
| Lenovo Yoga C640 13iml Lte | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
|  | Before chcn28ww |

| Running on/with | Platform Versions |
|---|---|
| Lenovo Yoga C640 13iml | All versions |
Related CWEs
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-122
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
References (2)
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory