CVE-2022-1107: During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad…

medium6.7CVSS 3.1

AVLACLPRHUINSUCHIHAH

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

Affected

31 ranges· showing 25

Vendor	Product	Version range	Fixed in
lenovo	thinkpad_11e_firmware	< n15et78w	n15et78w
lenovo	thinkpad_11e_yoga_firmware	< n15et78w	n15et78w
lenovo	thinkpad_bios	—	—
lenovo	thinkpad_helix_firmware	< n17eta8w	n17eta8w
lenovo	thinkpad_l560_firmware	< n1het85w	n1het85w
lenovo	thinkpad_l570_firmware	< n1xet65w	n1xet65w
lenovo	thinkpad_p50s_firmware	< n1ket46w	n1ket46w
lenovo	thinkpad_p51s_firmware	< n1vet50w	n1vet50w
lenovo	thinkpad_p52s_firmware	< n27et36w	n27et36w
lenovo	thinkpad_s540_firmware	< gpet80ww	gpet80ww
lenovo	thinkpad_t550_firmware	< n11et50w	n11et50w
lenovo	thinkpad_t560_firmware	< n1ket46w	n1ket46w
lenovo	thinkpad_t570_firmware	< n1vet50w	n1vet50w
lenovo	thinkpad_t580_firmware	< n27et36w	n27et36w
lenovo	thinkpad_w540_firmware	< gnet92ww	gnet92ww
lenovo	thinkpad_w541_firmware	< gnet92ww	gnet92ww
lenovo	thinkpad_w550s_firmware	< n11et50w	n11et50w
lenovo	thinkpad_x1_carbon_3rd_gen_firmware	< n14et52w	n14et52w
lenovo	thinkpad_x1_carbon_4th_gen_firmware	< n1fet70w	n1fet70w
lenovo	thinkpad_x1_carbon_5th_gen_kabylake_firmware	< n1met55w	n1met55w
lenovo	thinkpad_x1_carbon_5th_gen_skylake_firmware	< n1met55w	n1met55w
lenovo	thinkpad_x1_tablet_gen_1_firmware	< n1let86w	n1let86w
lenovo	thinkpad_x1_tablet_gen_2_firmware	< n1oet50w	n1oet50w
lenovo	thinkpad_x1_yoga_firmware	< n1fet70w	n1fet70w
lenovo	thinkpad_x1_yoga_gen_2_firmware	< n1net47w	n1net47w