CVE-2022-1107 - OpenCVE

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	Thinkpad X1 Tablet Gen 2 Thinkpad W540 Firmware Thinkpad W541 Thinkpad Yoga 260 Firmware Thinkpad X1 Yoga Gen 2 Firmware Thinkpad L560 Thinkpad P52s Thinkpad X1 Tablet Gen 1 Thinkpad 11e Yoga Firmware Thinkpad X1 Yoga Thinkpad S540 Firmware Thinkpad P50s Firmware Thinkpad X280 Thinkpad X1 Carbon 5th Gen Kabylake Firmware Thinkpad X280 Firmware Thinkpad Yoga 260 Thinkpad L570 Firmware Thinkpad P50s Thinkpad P52s Firmware Thinkpad T570 Firmware Thinkpad T570 Thinkpad W550s Firmware Thinkpad 11e Yoga Thinkpad X250 Firmware Thinkpad T580 Thinkpad X1 Carbon 3rd Gen Thinkpad L560 Firmware Thinkpad 11e Thinkpad Helix Firmware Thinkpad X1 Carbon 4th Gen Firmware Thinkpad Yoga 15 Firmware Thinkpad X390 Firmware Thinkpad X1 Carbon 5th Gen Skylake Thinkpad P51s Thinkpad W550s Thinkpad X1 Carbon 5th Gen Skylake Firmware Thinkpad X1 Tablet Gen 2 Firmware Thinkpad X1 Tablet Gen 1 Firmware Thinkpad X1 Yoga Gen 3 Thinkpad X250 Thinkpad W541 Firmware Thinkpad S540 Thinkpad X1 Yoga Firmware Thinkpad T580 Firmware Thinkpad T560 Firmware Thinkpad Helix Thinkpad 11e Firmware Thinkpad T560 Thinkpad W540 Thinkpad T550 Thinkpad X1 Carbon 4th Gen Thinkpad X1 Carbon 5th Gen Kabylake Thinkpad X1 Carbon 3rd Gen Firmware Thinkpad Yoga 15 Thinkpad X1 Yoga Gen 3 Firmware Thinkpad P51s Firmware Thinkpad L570 Thinkpad X1 Yoga Gen 2 Thinkpad X390 Thinkpad T550 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:thinkpad_11e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_11e:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:thinkpad_helix_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_helix:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l560_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_l560:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l570_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_l570:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:lenovo:thinkpad_p50s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_p50s:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:lenovo:thinkpad_p51s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_p51s:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:lenovo:thinkpad_p52s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_p52s:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:lenovo:thinkpad_s540_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_s540:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t550:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t560_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t560:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t570_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t570:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t580_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t580:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_tablet_gen_1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_tablet_gen_1:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_tablet_gen_2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_tablet_gen_2:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:lenovo:thinkpad_w540_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_w540:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:lenovo:thinkpad_w541_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_w541:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:lenovo:thinkpad_w550s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_w550s:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_3rd_gen_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_carbon_3rd_gen:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_4th_gen_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_carbon_4th_gen:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_5th_gen_kabylake_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_carbon_5th_gen_kabylake:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_5th_gen_skylake_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_carbon_5th_gen_skylake:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_yoga_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_yoga:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_yoga_gen_2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_yoga_gen_2:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_yoga_gen_3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_yoga_gen_3:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x250:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x280_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x280:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x390_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x390:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:lenovo:thinkpad_11e_yoga_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_11e_yoga:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:lenovo:thinkpad_yoga_15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_yoga_15:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:lenovo:thinkpad_yoga_260_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_yoga_260:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-84943	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2022-04-22T20:30:50

Updated: 2022-04-29T14:00:16

Reserved: 2022-03-27T00:00:00

Link: CVE-2022-1107

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-04-22T21:15:10.300

Modified: 2022-05-12T13:42:48.583

Link: CVE-2022-1107

JSON object: View

Redhat Information

No data.

CWE