CVE-2022-4575

CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 99.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Thinkpad 25 Firmware Lenovo Thinkpad L560 Firmware Lenovo Thinkpad P50 Firmware +11 more

Timeline

PublishedOct 30

Description

A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages14 packages

▶CVEListV5lenovo/thinkpad_biosvarious

▶NVDlenovo/thinkpad_25_firmware< 1.73

▶NVDlenovo/thinkpad_p50_firmware< 1.71

▶NVDlenovo/thinkpad_p70_firmware< 2.45

▶NVDlenovo/thinkpad_l560_firmware< 1.62

🔴Vulnerability Details

CVEList

CVE-2022-4575: A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physi↗2023-10-30

▶

GHSA

GHSA-4m6r-j49h-94c5: A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physi↗2023-10-30

▶