Lucene search

[email protected]CVE-2022-48189

HistoryOct 30, 2023 - 3:15 p.m.

CVE-2022-48189

2023-10-3015:15:39

CWE-20

[email protected]

web.nvd.nist.gov

cve-2022-48189

smm

driver

input validation

bios

thinkpad

vulnerability

local access

elevated privileges

arbitrary code

nvd

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected configurations

NVD

Node

lenovothinkpad_e14_firmwareRange<1.23

AND

lenovothinkpad_e14Match-

Node

lenovothinkpad_e14_gen_2_firmwareRange<1.55

AND

lenovothinkpad_e14_gen_2Match-

Node

lenovothinkpad_e14_gen_4_firmwareRange<1.18

AND

lenovothinkpad_e14_gen_4Match-

Node

lenovothinkpad_e14_gen_4_firmwareRange<1.16

AND

lenovothinkpad_e14_gen_4Match-

Node

lenovothinkpad_e15_firmwareRange<1.23

AND

lenovothinkpad_e15Match-

Node

lenovothinkpad_e15_gen_2_firmwareRange<1.55

AND

lenovothinkpad_e15_gen_2Match-

Node

lenovothinkpad_e15_gen_4_firmwareRange<1.18

AND

lenovothinkpad_e15_gen_4Match-

Node

lenovothinkpad_e15_gen_4_firmwareRange<1.16

AND

lenovothinkpad_e15_gen_4Match-

Node

lenovothinkpad_e490_firmwareRange<1.34

AND

lenovothinkpad_e490Match-

Node

lenovothinkpad_e490s_firmwareRange<1.34

AND

lenovothinkpad_e490sMatch-

Node

lenovothinkpad_e590_firmwareRange<1.34

AND

lenovothinkpad_e590Match-

Node

lenovothinkpad_l13_gen_3_firmwareRange<1.14

AND

lenovothinkpad_l13_gen_3Match-

Node

lenovothinkpad_l13_yoga_gen_3_firmwareRange<1.14

AND

lenovothinkpad_l13_yoga_gen_3Match-

Node

lenovothinkpad_l14_firmwareRange<1.2

AND

lenovothinkpad_l14Match-

Node

lenovothinkpad_l14_firmwareRange<1.3

AND

lenovothinkpad_l14Match-

Node

lenovothinkpad_l14_firmwareMatch-

AND

lenovothinkpad_l14Match-

Node

lenovothinkpad_l14_firmwareRange<1.26

AND

lenovothinkpad_l14Match-

Node

lenovothinkpad_l15_firmwareRange<1.2

AND

lenovothinkpad_l15Match-

Node

lenovothinkpad_l15_firmwareRange<1.3

AND

lenovothinkpad_l15Match-

Node

lenovothinkpad_l15_gen_2_firmwareMatch-

AND

lenovothinkpad_l15_gen_2Match-

Node

lenovothinkpad_l15_gen_3_firmwareRange<1.26

AND

lenovothinkpad_l15_gen_3Match-

Node

lenovothinkpad_l490_firmwareRange<1.32

AND

lenovothinkpad_l490Match-

Node

lenovothinkpad_l590_firmwareRange<1.32

AND

lenovothinkpad_l590Match-

Node

lenovothinkpad_p1_gen_2_firmwareRange<1.46

AND

lenovothinkpad_p1_gen_2Match-

Node

lenovothinkpad_p1_gen_3_firmwareRange<1.27

AND

lenovothinkpad_p1_gen_3Match-

Node

lenovothinkpad_p1_gen_4_firmwareRange<1.22

AND

lenovothinkpad_p1_gen_4Match-

Node

lenovothinkpad_p1_gen_5_firmwareRange<1.16

AND

lenovothinkpad_p1_gen_5Match-

Node

lenovothinkpad_p14s_gen_1_firmwareRange<1.28

AND

lenovothinkpad_p14s_gen_1Match-

Node

lenovothinkpad_p14s_gen_2_firmwareMatch-

AND

lenovothinkpad_p14s_gen_2Match-

Node

lenovothinkpad_p14s_gen_2_firmwareRange<1.34

AND

lenovothinkpad_p14s_gen_2Match-

Node

lenovothinkpad_p14s_gen_3_firmwareMatch-

AND

lenovothinkpad_p14s_gen_3Match-

Node

lenovothinkpad_p15_gen_1_firmwareRange<1.32

AND

lenovothinkpad_p15_gen_1Match-

Node

lenovothinkpad_p15_gen_2_firmwareRange<1.25

AND

lenovothinkpad_p15_gen_2Match-

Node

lenovothinkpad_p15s_gen_1_firmwareRange<1.28

AND

lenovothinkpad_p15s_gen_1Match-

Node

lenovothinkpad_p15s_gen_2_firmwareMatch-

AND

lenovothinkpad_p15s_gen_2Match-

Node

lenovothinkpad_p15v_gen_1_firmwareRange<1.32

AND

lenovothinkpad_p15v_gen_1Match-

Node

lenovothinkpad_p15v_gen_2_firmwareRange<1.19

AND

lenovothinkpad_p15v_gen_2Match-

Node

lenovothinkpad_p15v_gen_3_firmwareRange<1.15

AND

lenovothinkpad_p15v_gen_3Match-

Node

lenovothinkpad_p16_gen_1_firmwareRange<1.17

AND

lenovothinkpad_p16_gen_1Match-

Node

lenovothinkpad_p16s_gen_1_firmwareMatch-

AND

lenovothinkpad_p16s_gen_1Match-

Node

lenovothinkpad_p17_gen_1_firmwareRange<1.32

AND

lenovothinkpad_p17_gen_1Match-

Node

lenovothinkpad_p17_gen_2_firmwareRange<1.25

AND

lenovothinkpad_p17_gen_2Match-

Node

lenovothinkpad_p43s_firmwareMatch-

AND

lenovothinkpad_p43sMatch-

Node

lenovothinkpad_p53_firmwareRange<1.4

AND

lenovothinkpad_p53Match-

Node

lenovothinkpad_p53s_firmwareMatch-

AND

lenovothinkpad_p53sMatch-

Node

lenovothinkpad_p73_firmwareRange<1.4

AND

lenovothinkpad_p73Match-

Node

lenovothinkpad_t14_gen_1_firmwareRange<1.28

AND

lenovothinkpad_t14_gen_1Match-

Node

lenovothinkpad_t14_gen_1_firmwareRange<1.28

AND

lenovothinkpad_t14_gen_1Match-

Node

lenovothinkpad_t14_gen_2_firmwareMatch-

AND

lenovothinkpad_t14_gen_2Match-

Node

lenovothinkpad_t14_gen_2_firmwareRange<1.34

AND

lenovothinkpad_t14_gen_2Match-

Node

lenovothinkpad_t14_gen_3_firmwareMatch-

AND

lenovothinkpad_t14_gen_3Match-

Node

lenovothinkpad_t14s_firmwareRange<1.26

AND

lenovothinkpad_t14sMatch-

Node

lenovothinkpad_t14s_gen_2_firmwareRange<1.51

AND

lenovothinkpad_t14s_gen_2Match-

Node

lenovothinkpad_t14s_gen_2_firmwareRange<1.37

AND

lenovothinkpad_t14s_gen_2Match-

Node

lenovothinkpad_t14s_gen_3_firmwareRange<1.33

AND

lenovothinkpad_t14s_gen_3Match-

Node

lenovothinkpad_t15_firmwareRange<1.28

AND

lenovothinkpad_t15Match-

Node

lenovothinkpad_t15_gen_2_firmwareMatch-

AND

lenovothinkpad_t15_gen_2Match-

Node

lenovothinkpad_t15g_gen_1_firmwareRange<1.32

AND

lenovothinkpad_t15g_gen_1Match-

Node

lenovothinkpad_t15g_gen_2_firmwareRange<1.25

AND

lenovothinkpad_t15g_gen_2Match-

Node

lenovothinkpad_t15p_gen_1_firmwareRange<1.32

AND

lenovothinkpad_t15p_gen_1Match-

Node

lenovothinkpad_t15p_gen_2_firmwareRange<1.19

AND

lenovothinkpad_t15p_gen_2Match-

Node

lenovothinkpad_t15p_gen_3_firmwareRange<1.15

AND

lenovothinkpad_t15p_gen_3Match-

Node

lenovothinkpad_t16_gen_1_firmwareMatch-

AND

lenovothinkpad_t16_gen_1Match-

Node

lenovothinkpad_t490_firmwareMatch-

AND

lenovothinkpad_t490Match-

Node

lenovothinkpad_t490_firmwareMatch-

AND

lenovothinkpad_t490Match-

Node

lenovothinkpad_t490_firmwareMatch-

AND

lenovothinkpad_t490Match-

Node

lenovothinkpad_t490s_firmwareMatch-

AND

lenovothinkpad_t490sMatch-

Node

lenovothinkpad_t590_firmwareMatch-

AND

lenovothinkpad_t590Match-

Node

lenovothinkpad_thinkpad_r14_gen_2_firmwareRange<1.55

AND

lenovothinkpad_thinkpad_r14_gen_2Match-

Node

lenovothinkpad_thinkpad_r14_gen_4_firmwareRange<1.18

AND

lenovothinkpad_thinkpad_r14_gen_4Match-

Node

lenovothinkpad_thinkpad_s3_2nd_gen_firmwareRange<1.23

AND

lenovothinkpad_thinkpad_s3_2nd_genMatch-

Node

lenovothinkpad_x1_carbon_10th_gen_firmwareRange<1.37

AND

lenovothinkpad_x1_carbon_10th_genMatch-

Node

lenovothinkpad_x1_carbon_7th_gen_firmwareMatch-

AND

lenovothinkpad_x1_carbon_7th_genMatch-

Node

lenovothinkpad_x1_carbon_7th_gen_firmwareMatch-

AND

lenovothinkpad_x1_carbon_7th_genMatch-

Node

lenovothinkpad_x1_carbon_8th_gen_firmwareMatch-

AND

lenovothinkpad_x1_carbon_8th_genMatch-

Node

lenovothinkpad_x1_carbon_9th_gen_firmwareRange<1.59

AND

lenovothinkpad_x1_carbon_9th_genMatch-

Node

lenovothinkpad_x1_extreme_2nd_gen_firmwareRange<1.46

AND

lenovothinkpad_x1_extreme_2nd_genMatch-

Node

lenovothinkpad_x1_extreme_3rd_gen_firmwareRange<1.27

AND

lenovothinkpad_x1_extreme_3rd_genMatch-

Node

lenovothinkpad_x1_extreme_4th_gen_firmwareRange<1.22

AND

lenovothinkpad_x1_extreme_4th_genMatch-

Node

lenovothinkpad_x1_extreme_gen_5_firmwareRange<1.16

AND

lenovothinkpad_x1_extreme_gen_5Match-

Node

lenovothinkpad_x1_nano_gen_1_firmwareRange<1.55

AND

lenovothinkpad_x1_nano_gen_1Match-

Node

lenovothinkpad_x1_nano_gen_2_firmwareRange<1.18

AND

lenovothinkpad_x1_nano_gen_2Match-

Node

lenovothinkpad_x1_titanium_firmwareRange<1.24

AND

lenovothinkpad_x1_titaniumMatch-

Node

lenovothinkpad_x1_yoga_4th_gen_firmwareMatch-

AND

lenovothinkpad_x1_yoga_4th_genMatch-

Node

lenovothinkpad_x1_yoga_4th_gen_firmwareMatch-

AND

lenovothinkpad_x1_yoga_4th_genMatch-

Node

lenovothinkpad_x1_yoga_5th_gen_firmwareMatch-

AND

lenovothinkpad_x1_yoga_5th_genMatch-

Node

lenovothinkpad_x1_yoga_6th_gen_firmwareRange<1.59

AND

lenovothinkpad_x1_yoga_6th_genMatch-

Node

lenovothinkpad_x1_yoga_7th_gen_firmwareRange<1.37

AND

lenovothinkpad_x1_yoga_7th_genMatch-

Node

lenovothinkpad_x12_detachable_gen_1_firmwareRange<1.28

AND

lenovothinkpad_x12_detachable_gen_1Match-

Node

lenovothinkpad_x13_firmwareRange<1.26

AND

lenovothinkpad_x13Match-

Node

lenovothinkpad_x13_gen_2_firmwareRange<1.51

AND

lenovothinkpad_x13_gen_2Match-

Node

lenovothinkpad_x13_gen_2_firmwareRange<1.37

AND

lenovothinkpad_x13_gen_2Match-

Node

lenovothinkpad_x13_gen_3_firmwareRange<1.33

AND

lenovothinkpad_x13_gen_3Match-

Node

lenovothinkpad_x13_yoga_gen_1_firmwareRange<1.45

AND

lenovothinkpad_x13_yoga_gen_1Match-

Node

lenovothinkpad_x13_yoga_gen_2_firmwareRange<1.4

AND

lenovothinkpad_x13_yoga_gen_2Match-

Node

lenovothinkpad_x13_yoga_gen_3_firmwareRange<1.09

AND

lenovothinkpad_x13_yoga_gen_3Match-

Node

lenovothinkpad_x390_firmwareMatch-

AND

lenovothinkpad_x390Match-

Node

lenovothinkpad_x390_firmwareMatch-

AND

lenovothinkpad_x390Match-

Node

lenovothinkpad_x390_yoga_firmwareRange<1.95

AND

lenovothinkpad_x390_yogaMatch-

Node

lenovothinkpad_z13_gen_1_firmwareRange<1.57

AND

lenovothinkpad_z13_gen_1Match-

Node

lenovothinkpad_z16_gen_1_firmwareRange<1.57

AND

lenovothinkpad_z16_gen_1Match-

CPENameOperatorVersion
lenovo:thinkpad_e14_firmwarelenovo thinkpad e14 firmwarelt1.23

CPE	Name	Operator	Version
lenovo:thinkpad_e14_firmware	lenovo thinkpad e14 firmware	lt	1.23

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ThinkPad BIOS",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-106014

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-48189

cvelist1 nvd1 prion1