MEDIUM🇬🇧 English

CVE-2022-4575

CVSS 6.7v3.1pub. 2023-10-30upd. 2024-11-21

A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Lenovo Thinkpad 25

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad 25 Firmware

    OS
    Lenovo
    < 1.73
  • Lenovo Thinkpad L560

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad L560 Firmware

    OS
    Lenovo
    < 1.62
  • Lenovo Thinkpad P50

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad P50 Firmware

    OS
    Lenovo
    < 1.71
  • Lenovo Thinkpad P50s

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad P50s Firmware

    OS
    Lenovo
    < 1.45
  • Lenovo Thinkpad P70

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad P70 Firmware

    OS
    Lenovo
    < 2.45
  • Lenovo Thinkpad T470

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad T470 Firmware

    OS
    Lenovo
    < 1.73
  • Lenovo Thinkpad T470s

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad T470s Firmware

    OS
    Lenovo
    < 1.49
  • Lenovo Thinkpad T560

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad T560 Firmware

    OS
    Lenovo
    < 1.45
  • Lenovo Thinkpad X1 Carbon 4th Gen

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad X1 Carbon 4th Gen Firmware

    OS
    Lenovo
    < 1.56
  • Lenovo Thinkpad X1 Yoga 1st Gen

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad X1 Yoga 1st Gen Firmware

    OS
    Lenovo
    < 1.56
  • Lenovo Thinkpad X260

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad X260 Firmware

    OS
    Lenovo
    < 1.50
  • Lenovo Thinkpad X270

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad X270 Firmware

    OS
    Lenovo
    < 1.47
  • Lenovo Thinkpad Yoga 260

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad Yoga 260 Firmware

    OS
    Lenovo
    < 1.88
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-18619HIGH7.8ten sam produkt

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all ver...

CVE-2018-16098HIGH7.8ten sam produkt

In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics...

CVE-2017-3767HIGH7.8ten sam produkt

A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1....

CVE-2022-1107MEDIUM6.7ten sam produkt

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMI...

CVE-2021-3599MEDIUM6.7ten sam produkt

A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may...