Severity
6.7 MEDIUM
EPSS
0.0%
top 91.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 22
Latest update: Apr 23

Description

A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 | Impact: 5.9

Affected Packages: 2 packages

🔴 Vulnerability Details

2
GHSA
GHSA-f7ff-r7m3-qvvg: A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited (2022-04-23)
CVEList
CVE-2022-1108: A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited (2022-04-22)

📋 Vendor Advisories

31
Microsoft
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (2022-02-08)
Microsoft
Chromium: CVE-2022-0464 Use after free in Accessibility (2022-02-08)
Microsoft
Chromium: CVE-2022-0608 Integer overflow in Mojo (2022-02-08)
Microsoft
Chromium: CVE-2022-0462 Inappropriate implementation in Scroll (2022-02-08)
Microsoft
Chromium: CVE-2022-0610 Inappropriate implementation in Gamepad API (2022-02-08)