Lenovo Ideapad 1 14Iau7 Firmware vulnerabilities

CVE-2022-3746 [MEDIUM] CWE-284 CVE-2022-3746: A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface.

CVE-2022-3744 [MEDIUM] CWE-798 CVE-2022-3744: A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential.

CVE-2022-3745 [MEDIUM] CWE-200 CVE-2022-3745: A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI.

CVE-2022-3742 [MEDIUM] CWE-120 CVE-2022-3742: A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation.

CVE-2022-3743 [MEDIUM] CWE-200 CVE-2022-3743: A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands.