CVE-2022-48181

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 86.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

115

Lenovo Ideacentre 3-07ada05 Firmware Lenovo Ideacentre 3-07imb05 Firmware Lenovo Ideacentre 3 07ach7 Firmware +112 more

Timeline

PublishedJun 5

Latest updateJun 6

Description

An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages115 packages

▶CVEListV5lenovo/thinkstation_biosvarious

▶NVDlenovo/v30a-22itl_firmware< o5akt33

▶NVDlenovo/v30a-24itl_firmware< o5akt33

▶NVDlenovo/v35s-07ada_firmware< m4mkt12a

▶NVDlenovo/v50s-07imb_firmware< m2vkt1ea

🔴Vulnerability Details

GHSA

GHSA-grw6-c348-h4cc: An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate↗2023-06-06

▶

CVEList

CVE-2022-48181: An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate↗2023-06-05

▶