CVE-2022-48189: An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute…

medium6.7CVSS 3.1

AVLACLPRHUINSUCHIHAH

An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected

76 ranges· showing 25

Vendor	Product	Version range	Fixed in
lenovo	thinkpad_bios	—	—
lenovo	thinkpad_e14_firmware	< 1.23	1.23
lenovo	thinkpad_e14_gen_2_firmware	< 1.55	1.55
lenovo	thinkpad_e14_gen_4_firmware	< 1.18	1.18
lenovo	thinkpad_e14_gen_4_firmware	< 1.16	1.16
lenovo	thinkpad_e15_firmware	< 1.23	1.23
lenovo	thinkpad_e15_gen_2_firmware	< 1.55	1.55
lenovo	thinkpad_e15_gen_4_firmware	< 1.18	1.18
lenovo	thinkpad_e15_gen_4_firmware	< 1.16	1.16
lenovo	thinkpad_e490_firmware	< 1.34	1.34
lenovo	thinkpad_e490s_firmware	< 1.34	1.34
lenovo	thinkpad_e590_firmware	< 1.34	1.34
lenovo	thinkpad_l13_gen_3_firmware	< 1.14	1.14
lenovo	thinkpad_l13_yoga_gen_3_firmware	< 1.14	1.14
lenovo	thinkpad_l14_firmware	< 1.2	1.2
lenovo	thinkpad_l14_firmware	< 1.3	1.3
lenovo	thinkpad_l14_firmware	< 1.26	1.26
lenovo	thinkpad_l15_firmware	< 1.2	1.2
lenovo	thinkpad_l15_firmware	< 1.3	1.3
lenovo	thinkpad_l15_gen_3_firmware	< 1.26	1.26
lenovo	thinkpad_l490_firmware	< 1.32	1.32
lenovo	thinkpad_l590_firmware	< 1.32	1.32
lenovo	thinkpad_p14s_gen_1_firmware	< 1.28	1.28
lenovo	thinkpad_p14s_gen_2_firmware	< 1.34	1.34
lenovo	thinkpad_p15_gen_1_firmware	< 1.32	1.32