CVE-2022-48188

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 86.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Ideacentre 510s-07icb Firmware Lenovo Ideacentre 510s-07ick Firmware Lenovo Ideacentre 720-18apr Firmware +25 more

Timeline

PublishedJun 5

Latest updateJun 6

Description

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages28 packages

▶CVEListV5lenovo/thinkstation_biosvarious

▶NVDlenovo/thinkstation_p520_firmware< s03kt58a

▶NVDlenovo/thinkstation_p520c_firmware< s03kt58a

▶NVDlenovo/thinkstation_p330_tiny_firmware< m1ukt70a

▶NVDlenovo/thinkstation_p360_ultra_firmware< s0fkt27a

🔴Vulnerability Details

GHSA

GHSA-44q7-gj7w-2qrj: A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local acc↗2023-06-06

▶

CVEList

CVE-2022-48188: A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local acc↗2023-06-05

▶