CVE-2022-40136 — Out-of-bounds Read in Lenovo Ideacentre 3-07ada05 Firmware

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 84.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

146

Lenovo Ideacentre 3-07ada05 Firmware Lenovo Ideacentre 3-07imb05 Firmware Lenovo Ideacentre 3 07iab7 Firmware +143 more

Timeline

PublishedJan 30

Latest updateJan 31

Description

An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages146 packages

▶NVDlenovo/v520_firmware< m16kt68a

▶NVDlenovo/v520s_firmware< m16kt68a

▶NVDlenovo/qt_b415_firmware< m16kt68a

▶NVDlenovo/qt_m410_firmware< m16kt68a

▶NVDlenovo/qt_m415_firmware< m16kt68a

🔴Vulnerability Details

GHSA

GHSA-v369-vhcp-5p3x: An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local a↗2023-01-31

▶

CVEList

CVE-2022-40136: An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local a↗2023-01-30

▶