CVE-2022-40137

CWE-120 — Classic Buffer Overflow5 documents4 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 84.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

288

Lenovo Bios Lenovo Ideacentre 3-07ada05 Firmware Lenovo Ideacentre 3-07imb05 Firmware +285 more

Timeline

PublishedJan 30

Latest updateJan 31

Description

A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages287 packages

▶CVEListV5lenovo/biosvarious

▶NVDlenovo/v520_firmwarem16kt69a

▶NVDlenovo/v520s_firmwarem16kt69a

▶NVDlenovo/qt_b415_firmwarem16kt69a

▶NVDlenovo/qt_m410_firmwarem16kt69a

🔴Vulnerability Details

GHSA

GHSA-wqx8-q4r7-4c45: A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary co↗2023-01-31

▶

CVEList

CVE-2022-40137: A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary co↗2023-01-30

▶

🕵️Threat Intelligence

Qualys

Remediate Your Vulnerable Lenovo Systems with Qualys Custom Assessment and Remediation↗2022-09-28

▶