CVE-2022-4574: An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute…

medium6.7CVSS 3.1

AVLACLPRHUINSUCHIHAH

An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected

48 ranges· showing 25

Vendor	Product	Version range	Fixed in
lenovo	thinkpad_bios	—	—
lenovo	thinkpad_l14_firmware	< 1.20	1.20
lenovo	thinkpad_l15_firmware	< 1.20	1.20
lenovo	thinkpad_p14s_gen_1_firmware	< 1.28	1.28
lenovo	thinkpad_p14s_gen_3_firmware	< 1.31	1.31
lenovo	thinkpad_p15_gen_1_firmware	< 1.32	1.32
lenovo	thinkpad_p15_gen_2_firmware	< 1.25	1.25
lenovo	thinkpad_p15s_gen_1_firmware	< 1.28	1.28
lenovo	thinkpad_p15v_gen_1_firmware	< 1.32	1.32
lenovo	thinkpad_p15v_gen_2_firmware	< 1.19	1.19
lenovo	thinkpad_p15v_gen_3_firmware	< 1.15	1.15
lenovo	thinkpad_p16_gen_1_firmware	< 1.17	1.17
lenovo	thinkpad_p16s_gen_1_firmware	< 1.31	1.31
lenovo	thinkpad_p17_gen_1_firmware	< 1.32	1.32
lenovo	thinkpad_p17_gen_2_firmware	< 1.25	1.25
lenovo	thinkpad_p1_gen_3_firmware	< 1.27	1.27
lenovo	thinkpad_p1_gen_4_firmware	—	—
lenovo	thinkpad_p1_gen_5_firmware	< 1.16	1.16
lenovo	thinkpad_t14_gen_1_firmware	< 1.28	1.28
lenovo	thinkpad_t14_gen_3_firmware	< 1.31	1.31
lenovo	thinkpad_t14s_firmware	< 1.26	1.26
lenovo	thinkpad_t14s_gen_2_firmware	< 1.51	1.51
lenovo	thinkpad_t14s_gen_3_firmware	< 1.33	1.33
lenovo	thinkpad_t15g_gen_1_firmware	< 1.32	1.32
lenovo	thinkpad_t15g_gen_2_firmware	< 1.25	1.25