CVE-2022-48189 — Improper Input Validation in Lenovo Thinkpad E14 Firmware

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 94.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Thinkpad E14 Firmware Lenovo Thinkpad E14 GEN 2 Firmware Lenovo Thinkpad E14 GEN 4 Firmware +66 more

Timeline

PublishedOct 30

Description

An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages69 packages

▶CVEListV5lenovo/thinkpad_biosvarious

▶NVDlenovo/thinkpad_e14_firmware< 1.23

▶NVDlenovo/thinkpad_e15_firmware< 1.23

▶NVDlenovo/thinkpad_l14_firmware< 1.2+2

▶NVDlenovo/thinkpad_l15_firmware< 1.2+1

🔴Vulnerability Details

CVEList

CVE-2022-48189: An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to↗2023-10-30

▶

GHSA

GHSA-grhf-9x38-2pm7: An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to↗2023-10-30

▶