CVE-2022-40135

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

4.4MEDIUM

EPSS

0.1%

top 83.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

135

Lenovo Ideacentre 3-07ada05 Firmware Lenovo Ideacentre 3-07imb05 Firmware Lenovo Ideacentre 3 07iab7 Firmware +132 more

Timeline

PublishedJan 30

Latest updateJan 31

Description

An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages135 packages

▶NVDlenovo/thinksmart_hub_zoom_firmware< m2xkt20a

▶NVDlenovo/thinksmart_hub_teams_firmware< m2xkt20a

▶NVDlenovo/thinksmart_core_device\_zoom_rooms_firmware

▶NVDlenovo/thinksmart_core_\&_controller_kit\_microsoft_teams_rooms_firmware, _zoom_rooms_firmware+1

▶NVDlenovo/thinksmart_core_\&_controller_full_room_kit\_microsoft_teams_rooms_firmware, _zoom_rooms_firmware+1

🔴Vulnerability Details

GHSA

GHSA-rwwv-hvjg-wcrp: An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated p↗2023-01-31

▶

CVEList

CVE-2022-40135: An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated p↗2023-01-30

▶