MEDIUM🇬🇧 English

CVE-2022-1108

CVSS 6.7v3.1pub. 2022-04-22upd. 2024-11-21

A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Lenovo Thinkpad X1 Fold Gen 1

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad X1 Fold Gen 1 Firmware

    OS
    Lenovo
    < n2pet50w
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2022-4573MEDIUM6.7ten sam produkt

An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with loca...

CVE-2022-4574MEDIUM6.7ten sam produkt

An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker wit...

CVE-2021-3599MEDIUM6.7ten sam produkt

A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may...

CVE-2021-3786MEDIUM4.4ten sam produkt

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ...

CVE-2021-3843MEDIUM6.7ten sam produkt

A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker w...