CVE-2022-4573

Published: Oct 30, 2023Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected (1)

Products: Lenovo: Thinkpad X1 Fold Gen 1 Firmware

Lenovo

1 product

Thinkpad X1 Fold Gen 1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkpad X1 Fold Gen 1 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkpad X1 Fold Gen 1	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://support.lenovo.com/us/en/product_security/LEN-106014

Source: psirt@lenovo.com

Vendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-106014

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.