CVE-2022-48188: A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to…

high7.8CVSS 3.1

AVLACLPRLUINSUCHIHAH

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.

Affected

32 ranges· showing 25

Vendor	Product	Version range	Fixed in
lenovo	ideacentre_510s-07icb_firmware	< m22kt48a	m22kt48a
lenovo	ideacentre_510s-07icb_firmware	< m22kt49a	m22kt49a
lenovo	ideacentre_510s-07ick_firmware	< m30kt28a	m30kt28a
lenovo	ideacentre_510s-07ick_firmware	< m1zkt40a	m1zkt40a
lenovo	ideacentre_720-18apr_firmware	< m25kt63a	m25kt63a
lenovo	ideacentre_aio_3-22itl6_firmware	< o5akt33	o5akt33
lenovo	ideacentre_aio_3-24itl6_firmware	< o5akt33	o5akt33
lenovo	ideacentre_aio_3-27itl6_firmware	< o5akt33	o5akt33
lenovo	ideacentre_aio_3_21itl7_firmware	< o5akt33	o5akt33
lenovo	thinkcentre_m720e_firmware	< m1zkt40a	m1zkt40a
lenovo	thinkcentre_m720q_firmware	< m1ukt70a	m1ukt70a
lenovo	thinkcentre_m720s_firmware	< m1ukt70a	m1ukt70a
lenovo	thinkcentre_m720t_firmware	< m1ukt70a	m1ukt70a
lenovo	thinkcentre_m725s_firmware	< m25kt63a	m25kt63a
lenovo	thinkcentre_m75s_gen_2_firmware	< m46kt30a	m46kt30a
lenovo	thinkcentre_m75s_gen_2_firmware	< m3bkt30a	m3bkt30a
lenovo	thinkcentre_m75t_gen_2_firmware	< m46kt30a	m46kt30a
lenovo	thinkcentre_m75t_gen_2_firmware	< m3akt4ca	m3akt4ca
lenovo	thinkcentre_m920q_firmware	< m1ukt70a	m1ukt70a
lenovo	thinkcentre_m920s_firmware	< m1ukt70a	m1ukt70a
lenovo	thinkcentre_m920t_firmware	< m1ukt70a	m1ukt70a
lenovo	thinkcentre_m920x_firmware	< m1ukt70a	m1ukt70a
lenovo	thinkcentre_m920z_firmware	< m1mkt55a	m1mkt55a
lenovo	thinkstation_bios	—	—
lenovo	thinkstation_p330_tiny_firmware	< m1ukt70a	m1ukt70a