Published: 26/01/2023 Updated: 03/02/2023

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 0

A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
lenovo 100e_2nd_gen_firmware
lenovo 100w_gen_3_firmware
lenovo 13w_yoga_firmware
lenovo 14w_gen_2_firmware
lenovo 300e_2nd_gen_firmware
lenovo 300w_gen_3_firmware
lenovo 500w_gen_3_firmware
lenovo 730s-13iml_firmware
lenovo flex_3-11ada05_firmware
lenovo flex_5-14alc05_firmware
lenovo flex_5-14are05_firmware
lenovo flex_5-14iil05_firmware
lenovo flex_5-14itl05_firmware
lenovo flex_5-15alc05_firmware
lenovo flex_5-15iil05_firmware
lenovo flex_5-15itl05_firmware
lenovo ideapad_1-11ada05_firmware
lenovo ideapad_1-11igl05_firmware
lenovo ideapad_1-14ada05_firmware
lenovo ideapad_1-14igl05_firmware
lenovo ideapad_3-15ada05_firmware
lenovo ideapad_3-14ada05_firmware
lenovo ideapad_3-14ada6_firmware
lenovo ideapad_3-14alc6_firmware
lenovo ideapad_3-15ada6_firmware
lenovo ideapad_3-15alc6_firmware
lenovo ideapad_3-17alc6_firmware
lenovo ideapad_3-17ada05_firmware
lenovo ideapad_3-17ada6_firmware
lenovo ideapad_5_15aba7_firmware
lenovo ideapad_flex_5_14alc7_firmware
lenovo ideapad_flex_5_16alc7_firmware
lenovo legion_s7-15imh5_firmware
lenovo legion_s7-15ach6_firmware
lenovo legion_s7-15arh5_firmware
lenovo s145-14api_firmware
lenovo s145-14ast_firmware
lenovo s145-15api_firmware
lenovo s145-15ast_firmware
lenovo s540-13api_firmware
lenovo ideapad_s940-14iil_firmware
lenovo yoga_s940-14iil_firmware
lenovo ideapad_slim_1-14ast-05_firmware
lenovo ideapad_slim_1-11ast-05_firmware
lenovo thinkbook_13s_g3_acn_firmware
lenovo thinkbook_13s_g2_are_firmware
lenovo thinkbook_13s_g2_itl_firmware
lenovo thinkbook_13s-iml_firmware
lenovo thinkbook_14-iil_firmware
lenovo thinkbook_14-iml_firmware
lenovo thinkbook_14p_g2_ach_firmware
lenovo thinkbook_14s_g2_itl_firmware
lenovo thinkbook_14s-iml_firmware
lenovo thinkbook_15-iil_firmware
lenovo thinkbook_15-iml_firmware
lenovo thinkbook_16p_g2_ach_firmware
lenovo v130-15ikb_firmware
lenovo v14_g2-alc_firmware
lenovo v14-ada_firmware
lenovo v15_g2-alc_firmware
lenovo v15-ada_firmware
lenovo yoga_9-15imh5_firmware
lenovo yoga_c640-13iml_firmware
lenovo yoga_c640-13iml_lte_firmware
lenovo yoga_c940-15irh_firmware
lenovo yoga_s730-13iml_firmware
lenovo yoga_slim_7_pro-14ach5_firmware
lenovo yoga_slim_7_pro-14ach5_o_firmware
lenovo yoga_slim_7_pro-14arh5_firmware
lenovo ideapad_5-15alc05_firmware

Lenovo issues firmware updates after UEFI vulnerabilities disclosed

The Register • Richard Speed • 01 Jan 1970

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Déjà vu all over again for laptop maker as researchers poke holes in its code

Security researchers have spotted fresh flaws in Lenovo laptops just months after the vendor patched a bunch of its products. The PC maker has now fixed the trio of bugs, which were flagged up by ESET this week. More than 70 models were impacted by this latest issue, including a number of ThinkBook devices. The vulnerabilities reported were buffer overflows in the UEFI firmware. "The vulnerabilities," explained the ESET Research team, "can be exploited to achieve arbitrary code execution in the ...

CVE-2022-1892

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect