Lucene search

[email protected]CVE-2022-1891

HistoryJan 26, 2023 - 9:15 p.m.

CVE-2022-1891

2023-01-2621:15:25

CWE-120

CWE-122

[email protected]

web.nvd.nist.gov

cve-2022-1891

buffer overflow

lenovo notebook

local privileges

arbitrary code

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Affected configurations

NVD

Node

lenovothinkbook_14-iml_firmwareRange<cjcn38ww

AND

lenovothinkbook_14-imlMatch-

Node

lenovothinkbook_14-iil_firmwareRange<djcn28ww

AND

lenovothinkbook_14-iilMatch-

Node

lenovothinkbook_15-iil_firmwareRange<djcn28ww

AND

lenovothinkbook_15-iilMatch-

Node

lenovothinkbook_15-iml_firmwareRange<cjcn38ww

AND

lenovothinkbook_15-imlMatch-

Node

lenovoyoga_c640-13iml_lte_firmwareRange<chcn28ww

AND

lenovoyoga_c640-13iml_lteMatch-

Node

lenovoyoga_c640-13iml_firmwareRange<chcn28ww

AND

lenovoyoga_c640-13imlMatch-

CPENameOperatorVersion
lenovo:thinkbook_14-iml_firmwarelenovo thinkbook 14-iml firmwareltcjcn38ww

CPE	Name	Operator	Version
lenovo:thinkbook_14-iml_firmware	lenovo thinkbook 14-iml firmware	lt	cjcn38ww

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "BIOS",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-91369

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-1891

cvelist1 nvd1 prion1 thn2