Lucene search

[email protected]CVE-2022-48189

HistoryOct 30, 2023 - 3:15 p.m.

CVE-2022-48189

2023-10-3015:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2022-48189

smm

driver

input validation

bios

thinkpad

vulnerability

local access

elevated privileges

arbitrary code

nvd

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:M/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.

CPENameOperatorVersion
lenovo:thinkpad_e14_firmwarelenovo thinkpad e14 firmwarelt1.23
lenovo:thinkpad_e14_gen_2_firmwarelenovo thinkpad e14 gen 2 firmwarelt1.55
lenovo:thinkpad_e14_gen_4_firmwarelenovo thinkpad e14 gen 4 firmwarelt1.18
lenovo:thinkpad_e14_gen_4_firmwarelenovo thinkpad e14 gen 4 firmwarelt1.16
lenovo:thinkpad_e15_firmwarelenovo thinkpad e15 firmwarelt1.23
lenovo:thinkpad_e15_gen_2_firmwarelenovo thinkpad e15 gen 2 firmwarelt1.55
lenovo:thinkpad_e15_gen_4_firmwarelenovo thinkpad e15 gen 4 firmwarelt1.18
lenovo:thinkpad_e15_gen_4_firmwarelenovo thinkpad e15 gen 4 firmwarelt1.16
lenovo:thinkpad_e490_firmwarelenovo thinkpad e490 firmwarelt1.34
lenovo:thinkpad_e490s_firmwarelenovo thinkpad e490s firmwarelt1.34

CPE	Name	Operator	Version
lenovo:thinkpad_e14_firmware	lenovo thinkpad e14 firmware	lt	1.23
lenovo:thinkpad_e14_gen_2_firmware	lenovo thinkpad e14 gen 2 firmware	lt	1.55
lenovo:thinkpad_e14_gen_4_firmware	lenovo thinkpad e14 gen 4 firmware	lt	1.18
lenovo:thinkpad_e14_gen_4_firmware	lenovo thinkpad e14 gen 4 firmware	lt	1.16
lenovo:thinkpad_e15_firmware	lenovo thinkpad e15 firmware	lt	1.23
lenovo:thinkpad_e15_gen_2_firmware	lenovo thinkpad e15 gen 2 firmware	lt	1.55
lenovo:thinkpad_e15_gen_4_firmware	lenovo thinkpad e15 gen 4 firmware	lt	1.18
lenovo:thinkpad_e15_gen_4_firmware	lenovo thinkpad e15 gen 4 firmware	lt	1.16
lenovo:thinkpad_e490_firmware	lenovo thinkpad e490 firmware	lt	1.34
lenovo:thinkpad_e490s_firmware	lenovo thinkpad e490s firmware	lt	1.34

Rows per page:

1-10 of 951

References

support.lenovo.com/us/en/product_security/LEN-106014

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:M/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2022-48189

cvelist1 prion1