CVE-2022-3431
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD
Description
A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
Affected (25)
Products: Lenovo: Ideapad Creator 5 16ach6 Firmware, Ideapad 5 Pro 16ihu6 Firmware, Ideapad 5 Pro 16ach6 Firmware, Yoga Slim 7 13itl05 Firmware, Yoga Slim 7 13acn05 Firmware, Yoga Slim 7 Pro 16arh7 Firmware, Yoga Slim 7 Pro 16ach6 Firmware, Yoga Slim 7 Carbon 13itl5 Firmware, Yoga Duet 7 13itl6 Lte Firmware, Yoga Duet 7 13itl6 Firmware, Yoga Duet 7 13iml05 Firmware, Thinkbook Plus G3 Iap Firmware, Thinkbook Plus G2 Itg Firmware, Thinkbook 16p Nx Arh Firmware, Thinkbook 16 G4+ Iap Firmware, Thinkbook 16 G4+ Ara Firmware, Thinkbook 14 G4+ Iap Firmware, Thinkbook 14 G4+ Ara Firmware, Thinkbook 13x Itg Firmware, Ideapad Slim 7 Pro 16ach6 Firmware, S540 15iml Firmware, Slim 7 16arh7 Firmware, Ideapad Duet 3 10igl5 Firmware, Ideapad 5 Pro 16arh7 Firmware, D330 10igl Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before gscn34ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Ideapad Creator 5 16ach6 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before grcn22ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Ideapad 5 Pro 16ihu6 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before gscn34ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Ideapad 5 Pro 16ach6 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before f7cn39ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Yoga Slim 7 13itl05 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before ghcn28ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Yoga Slim 7 13acn05 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before klcn15ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Yoga Slim 7 Pro 16arh7 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before hucn16ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Yoga Slim 7 Pro 16ach6 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before f7cn39ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Yoga Slim 7 Carbon 13itl5 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before gpcn24ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Yoga Duet 7 13itl6 Lte | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before gpcn24ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Yoga Duet 7 13itl6 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before ercn30ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Yoga Duet 7 13iml05 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before k6cn29ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkbook Plus G3 Iap | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before gycn31ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkbook Plus G2 Itg | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before kjcn27ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkbook 16p Nx Arh | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before hycn40ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkbook 16 G4+ Iap | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before j6cn40ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkbook 16 G4+ Ara | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before hycn40ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkbook 14 G4+ Iap | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Before j6cn40ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkbook 14 G4+ Ara | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before hlcn30ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkbook 13x Itg | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Before hucn16ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Ideapad Slim 7 Pro 16ach6 | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Before cncn22ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo S540 15iml | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Before klcn15ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Slim 7 16arh7 | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Before eqcn37ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Ideapad Duet 3 10igl5 | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Before j4cn33ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo Ideapad 5 Pro 16arh7 | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Before g0cn11ww |
| Running on/with | Platform Versions |
|---|---|
Lenovo D330 10igl | All versions |
References (2)
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.