CVE-2022-1890 — Heap-based Buffer Overflow in Lenovo Thinkbook 14-iil Firmware

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.8HIGHNVD

CNA6.7

EPSS

0.0%

top 86.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Thinkbook 14-iil Firmware Lenovo Thinkbook 14-iml Firmware Lenovo Thinkbook 15-iil Firmware +4 more

Timeline

PublishedJan 26

Description

A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

▶NVDlenovo/yoga_c640-13iml_firmware< chcn28ww

▶NVDlenovo/thinkbook_14-iil_firmware< djcn28ww

▶NVDlenovo/thinkbook_14-iml_firmware< cjcn38ww

▶NVDlenovo/thinkbook_15-iil_firmware< djcn28ww

▶NVDlenovo/thinkbook_15-iml_firmware< cjcn38ww

🔴Vulnerability Details

GHSA

GHSA-fxjv-gjx6-26c5: A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code↗2023-01-26

▶

CVEList

CVE-2022-1890: A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code↗2023-01-23

▶