CVE-2022-1891 — Heap-based Buffer Overflow in Lenovo Thinkbook 14-iil Firmware

CWE-122 — Heap-based Buffer Overflow CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

7.8HIGHNVD

CNA6.7

EPSS

0.0%

top 86.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Thinkbook 14-iil Firmware Lenovo Thinkbook 14-iml Firmware Lenovo Thinkbook 15-iil Firmware +4 more

Timeline

PublishedJan 26

Description

A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

▶NVDlenovo/yoga_c640-13iml_firmware< chcn28ww

▶NVDlenovo/thinkbook_14-iil_firmware< djcn28ww

▶NVDlenovo/thinkbook_14-iml_firmware< cjcn38ww

▶NVDlenovo/thinkbook_15-iil_firmware< djcn28ww

▶NVDlenovo/thinkbook_15-iml_firmware< cjcn38ww

🔴Vulnerability Details

GHSA

GHSA-f95f-f57p-rc4m: A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary↗2023-01-26

▶

CVEList

CVE-2022-1891: A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary↗2023-01-23

▶