CVE-2022-4574

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 93.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Thinkpad L14 Firmware Lenovo Thinkpad L15 Firmware Lenovo Thinkpad P14s GEN 1 Firmware +45 more

Timeline

PublishedOct 30

Description

An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages48 packages

▶CVEListV5lenovo/thinkpad_biosvarious

▶NVDlenovo/thinkpad_l14_firmware< 1.20

▶NVDlenovo/thinkpad_l15_firmware< 1.20

▶NVDlenovo/thinkpad_x13_firmware< 1.26

▶NVDlenovo/thinkpad_t14s_firmware< 1.26

🔴Vulnerability Details

CVEList

CVE-2022-4574: An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to↗2023-10-30

▶

GHSA

GHSA-fm9f-7rqx-chvx: An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to↗2023-10-30

▶