CVE-2022-48188

Published: Jun 5, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.

Affected (31)

Lenovo

27 products

Ideacentre Aio 3 21itl7 Firmware

Ideacentre Aio 3 22itl6 Firmware

Ideacentre Aio 3 24itl6 Firmware

Ideacentre Aio 3 27itl6 Firmware

Thinkcentre M720e Firmware

Thinkcentre M720q Firmware

Thinkcentre M720s Firmware

Thinkcentre M720t Firmware

Thinkcentre M725s Firmware

Thinkcentre M75s Gen 2 Firmware

Thinkcentre M75t Gen 2 Firmware

Thinkcentre M920q Firmware

Thinkcentre M920s Firmware

Thinkcentre M920t Firmware

Thinkcentre M920x Firmware

Thinkcentre M920z Firmware

Ideacentre 510s 07icb Firmware

Ideacentre 510s 07ick Firmware

Ideacentre 720 18apr Firmware

Thinkstation P330 Tiny Firmware

Thinkstation P360 Ultra Firmware

Thinkstation P520 Firmware

Thinkstation P520c Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Aio 3 21itl7 Firmware	Before o5akt33

Running on/with	Platform Versions
Lenovo Ideacentre Aio 3 21itl7	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Aio 3 22itl6 Firmware	Before o5akt33

Running on/with	Platform Versions
Lenovo Ideacentre Aio 3 22itl6	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Aio 3 24itl6 Firmware	Before o5akt33

Running on/with	Platform Versions
Lenovo Ideacentre Aio 3 24itl6	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Aio 3 27itl6 Firmware	Before o5akt33

Running on/with	Platform Versions
Lenovo Ideacentre Aio 3 27itl6	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M720e Firmware	Before m1zkt40a

Running on/with	Platform Versions
Lenovo Thinkcentre M720e	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M720q Firmware	Before m1ukt70a

Running on/with	Platform Versions
Lenovo Thinkcentre M720q	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M720s Firmware	Before m1ukt70a

Running on/with	Platform Versions
Lenovo Thinkcentre M720s	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M720t Firmware	Before m1ukt70a

Running on/with	Platform Versions
Lenovo Thinkcentre M720t	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M725s Firmware	Before m25kt63a

Running on/with	Platform Versions
Lenovo Thinkcentre M725s	All versions

Configuration J

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M75s Gen 2 Firmware	Before m46kt30a

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M75s Gen 2 Firmware	Before m3bkt30a

Running on/with	Platform Versions
Lenovo Thinkcentre M75s Gen 2	All versions

Configuration L

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M75t Gen 2 Firmware	Before m46kt30a

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M75t Gen 2 Firmware	Before m3akt4ca

Running on/with	Platform Versions
Lenovo Thinkcentre M75t Gen 2	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M920q Firmware	Before m1ukt70a

Running on/with	Platform Versions
Lenovo Thinkcentre M920q	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M920s Firmware	Before m1ukt70a

Running on/with	Platform Versions
Lenovo Thinkcentre M920s	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M920t Firmware	Before m1ukt70a

Running on/with	Platform Versions
Lenovo Thinkcentre M920t	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M920x Firmware	Before m1ukt70a

Running on/with	Platform Versions
Lenovo Thinkcentre M920x	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M920z Firmware	Before m1mkt55a

Running on/with	Platform Versions
Lenovo Thinkcentre M920z	All versions

Configuration S

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo Ideacentre 510s 07icb Firmware	Before m22kt48a

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre 510s 07icb Firmware	Before m22kt49a

Running on/with	Platform Versions
Lenovo Ideacentre 510s 07icb	All versions

Configuration U

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo Ideacentre 510s 07ick Firmware	Before m30kt28a

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre 510s 07ick Firmware	Before m1zkt40a

Running on/with	Platform Versions
Lenovo Ideacentre 510s 07ick	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre 720 18apr Firmware	Before m25kt63a

Running on/with	Platform Versions
Lenovo Ideacentre 720 18apr	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V30a 22itl Firmware	Before o5akt33

Running on/with	Platform Versions
Lenovo V30a 22itl	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V30a 24itl Firmware	Before o5akt33

Running on/with	Platform Versions
Lenovo V30a 24itl	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V530s 07icb Firmware	Before m22kt49a

Running on/with	Platform Versions
Lenovo V530s 07icb	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V530s 07icr Firmware	Before m1zkt40a

Running on/with	Platform Versions
Lenovo V530s 07icr	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P330 Tiny Firmware	Before m1ukt70a

Running on/with	Platform Versions
Lenovo Thinkstation P330 Tiny	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P360 Ultra Firmware	Before s0fkt27a

Running on/with	Platform Versions
Lenovo Thinkstation P360 Ultra	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P520 Firmware	Before s03kt58a

Running on/with	Platform Versions
Lenovo Thinkstation P520	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P520c Firmware	Before s03kt58a

Running on/with	Platform Versions
Lenovo Thinkstation P520c	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://support.lenovo.com/us/en/product_security/LEN-124495

Source: psirt@lenovo.com

Vendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-124495

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.