An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.  

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Lenovo
  • Thinkpad T14s Firmware
  • Thinkpad P15s Gen 2 Firmware
  • Thinkpad L15
  • Thinkpad P14s Gen 1
  • Thinkpad T15 Gen 2 Firmware
  • Thinkpad P17 Gen 1
  • Thinkpad X1 Nano Gen 1
  • Thinkpad X1 Extreme Gen 5
  • Thinkpad T15p Gen 3
  • Thinkpad T14 Gen 3 Firmware
  • Thinkpad L15 Gen 2
  • Thinkpad X1 Titanium
  • Thinkpad P16s Gen 1
  • Thinkpad T15 Gen 2
  • Thinkpad T14s Gen 3 Firmware
  • Thinkpad T16 Gen 1 Firmware
  • Thinkpad X1 Extreme Gen 5 Firmware
  • Thinkpad T14s Gen 2 Firmware
  • Thinkpad X1 Fold Gen 1 Firmware
  • Thinkpad X1 Carbon 7th Gen
  • Thinkpad T15g Gen 2
  • Thinkpad P17 Gen 1 Firmware
  • Thinkpad X13 Yoga Gen 2
  • Thinkpad P14s Gen 3 Firmware
  • Thinkpad P16s Gen 1 Firmware
  • Thinkpad T14 Gen 1
  • Thinkpad T15p Gen 3 Firmware
  • Thinkpad X1 Yoga 5th Gen
  • Thinkpad T15g Gen 1
  • Thinkpad P14s Gen 2 Firmware
  • Thinkpad P15v Gen 1
  • Thinkpad P1 Gen 3 Firmware
  • Thinkpad L14 Gen 2
  • Thinkpad X1 Carbon 10th Gen
  • Thinkpad X13 Gen 2
  • Thinkpad X1 Yoga 7th Gen
  • Thinkpad P15s Gen 2
  • Thinkpad X13 Yoga Gen 1
  • Thinkpad L14
  • Thinkpad L15 Gen 2 Firmware
  • Thinkpad X1 Titanium Firmware
  • Thinkpad P16 Gen 1 Firmware
  • Thinkpad X13 Yoga Gen 1 Firmware
  • Thinkpad T14 Gen 1 Firmware
  • Thinkpad X1 Nano Gen 2
  • Thinkpad P1 Gen 5
  • Thinkpad L14 Gen 2 Firmware
  • Thinkpad P15v Gen 1 Firmware
  • Thinkpad T15g Gen 1 Firmware
  • Thinkpad X1 Nano Gen 2 Firmware
  • Thinkpad X13 Yoga Gen 2 Firmware
  • Thinkpad P17 Gen 2
  • Thinkpad P16 Gen 1
  • Thinkpad T14s Gen 2
  • Thinkpad X1 Yoga 4th Gen Firmware
  • Thinkpad T14s
  • Thinkpad P15 Gen 1 Firmware
  • Thinkpad T14 Gen 2
  • Thinkpad X1 Fold Gen 1
  • Thinkpad X1 Extreme 4th Gen
  • Thinkpad X1 Carbon 10th Gen Firmware
  • Thinkpad X1 Extreme 3rd Gen
  • Thinkpad X1 Carbon 8th Gen
  • Thinkpad P17 Gen 2 Firmware
  • Thinkpad X1 Extreme 3rd Gen Firmware
  • Thinkpad P15s Gen 1
  • Thinkpad X1 Carbon 9th Gen
  • Thinkpad P14s Gen 2
  • Thinkpad X1 Yoga 5th Gen Firmware
  • Thinkpad P15v Gen 3 Firmware
  • Thinkpad T14 Gen 2 Firmware
  • Thinkpad X1 Yoga 4th Gen
  • Thinkpad T15p Gen 1 Firmware
  • Thinkpad P1 Gen 4
  • Thinkpad X13 Gen 3
  • Thinkpad X13 Gen 3 Firmware
  • Thinkpad T15p Gen 2
  • Thinkpad P14s Gen 3
  • Thinkpad P14s Gen 1 Firmware
  • Thinkpad X1 Extreme 4th Gen Firmware
  • Thinkpad P15v Gen 2
  • Thinkpad P15 Gen 1
  • Thinkpad P1 Gen 5 Firmware
  • Thinkpad L15 Firmware
  • Thinkpad L14 Firmware
  • Thinkpad X13 Firmware
  • Thinkpad X1 Carbon 9th Gen Firmware
  • Thinkpad T14 Gen 3
  • Thinkpad P1 Gen 4 Firmware
  • Thinkpad X1 Carbon 7th Gen Firmware
  • Thinkpad T14s Gen 3
  • Thinkpad X13 Gen 2 Firmware
  • Thinkpad X1 Yoga 6th Gen
  • Thinkpad P15v Gen 2 Firmware
  • Thinkpad X1 Yoga 6th Gen Firmware
  • Thinkpad P15s Gen 1 Firmware
  • Thinkpad P15v Gen 3
  • Thinkpad T15p Gen 1
  • Thinkpad X1 Carbon 8th Gen Firmware
  • Thinkpad P15 Gen 2 Firmware
  • Thinkpad X1 Nano Gen 1 Firmware
  • Thinkpad X13
  • Thinkpad T15p Gen 2 Firmware
  • Thinkpad P15 Gen 2
  • Thinkpad T15g Gen 2 Firmware
  • Thinkpad P1 Gen 3
  • Thinkpad X1 Yoga 7th Gen Firmware
  • Thinkpad T16 Gen 1

Configuration 1 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x13_yoga_gen_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x13_yoga_gen_2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x13_yoga_gen_1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x13_yoga_gen_1:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x13_gen_3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x13_gen_3:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x13_gen_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x13_gen_2:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x13_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x13:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x1_yoga_7th_gen_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x1_yoga_7th_gen:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x1_yoga_6th_gen_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x1_yoga_6th_gen:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x1_yoga_5th_gen_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x1_yoga_5th_gen:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x1_yoga_4th_gen_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x1_yoga_4th_gen:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x1_titanium_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x1_titanium:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x1_nano_gen_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x1_nano_gen_2:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x1_nano_gen_1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x1_nano_gen_1:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x1_fold_gen_1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x1_fold_gen_1:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x1_extreme_gen_5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x1_extreme_gen_5:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x1_extreme_4th_gen_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x1_extreme_4th_gen:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x1_extreme_3rd_gen_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x1_extreme_3rd_gen:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x1_carbon_9th_gen_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x1_carbon_9th_gen:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x1_carbon_8th_gen_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x1_carbon_8th_gen:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x1_carbon_7th_gen_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x1_carbon_7th_gen:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x1_carbon_10th_gen_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x1_carbon_10th_gen:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:lenovo:thinkpad_t16_gen_1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_t16_gen_1:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:o:lenovo:thinkpad_t15p_gen_3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_t15p_gen_3:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND
cpe:2.3:o:lenovo:thinkpad_t15p_gen_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_t15p_gen_2:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND
cpe:2.3:o:lenovo:thinkpad_t15p_gen_1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_t15p_gen_1:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND
cpe:2.3:o:lenovo:thinkpad_t15g_gen_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_t15g_gen_2:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND
cpe:2.3:o:lenovo:thinkpad_t15g_gen_1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_t15g_gen_1:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND
cpe:2.3:o:lenovo:thinkpad_t15_gen_2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_t15_gen_2:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND
cpe:2.3:o:lenovo:thinkpad_t14s_gen_3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_t14s_gen_3:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND
cpe:2.3:o:lenovo:thinkpad_t14s_gen_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_t14s_gen_2:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND
cpe:2.3:o:lenovo:thinkpad_t14s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_t14s:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND
cpe:2.3:o:lenovo:thinkpad_t14_gen_3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_t14_gen_3:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND
cpe:2.3:o:lenovo:thinkpad_t14_gen_2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_t14_gen_2:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND
cpe:2.3:o:lenovo:thinkpad_t14_gen_1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_t14_gen_1:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND
cpe:2.3:o:lenovo:thinkpad_p17_gen_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_p17_gen_2:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND
cpe:2.3:o:lenovo:thinkpad_p17_gen_1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_p17_gen_1:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND
cpe:2.3:o:lenovo:thinkpad_p16s_gen_1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_p16s_gen_1:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND
cpe:2.3:o:lenovo:thinkpad_p16_gen_1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_p16_gen_1:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND
cpe:2.3:o:lenovo:thinkpad_p15v_gen_3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_p15v_gen_3:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND
cpe:2.3:o:lenovo:thinkpad_p15v_gen_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_p15v_gen_2:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND
cpe:2.3:o:lenovo:thinkpad_p15v_gen_1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_p15v_gen_1:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND
cpe:2.3:o:lenovo:thinkpad_p15s_gen_2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_p15s_gen_2:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND
cpe:2.3:o:lenovo:thinkpad_p15s_gen_1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_p15s_gen_1:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND
cpe:2.3:o:lenovo:thinkpad_p15_gen_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_p15_gen_2:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND
cpe:2.3:o:lenovo:thinkpad_p15_gen_1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_p15_gen_1:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND
cpe:2.3:o:lenovo:thinkpad_p14s_gen_3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_p14s_gen_3:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND
cpe:2.3:o:lenovo:thinkpad_p14s_gen_2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_p14s_gen_2:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND
cpe:2.3:o:lenovo:thinkpad_p14s_gen_1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_p14s_gen_1:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND
cpe:2.3:o:lenovo:thinkpad_p1_gen_5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_p1_gen_5:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND
cpe:2.3:o:lenovo:thinkpad_p1_gen_4_firmware:1.22:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_p1_gen_4:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND
cpe:2.3:o:lenovo:thinkpad_p1_gen_3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_p1_gen_3:-:*:*:*:*:*:*:*

Configuration 51 [-]

AND
cpe:2.3:o:lenovo:thinkpad_l15_gen_2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_l15_gen_2:-:*:*:*:*:*:*:*

Configuration 52 [-]

AND
cpe:2.3:o:lenovo:thinkpad_l15_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_l15:-:*:*:*:*:*:*:*

Configuration 53 [-]

AND
cpe:2.3:o:lenovo:thinkpad_l14_gen_2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_l14_gen_2:-:*:*:*:*:*:*:*

Configuration 54 [-]

AND
cpe:2.3:o:lenovo:thinkpad_l14_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_l14:-:*:*:*:*:*:*:*
References
Link Resource
https://support.lenovo.com/us/en/product_security/LEN-106014 Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2023-10-30T14:36:23.273Z

Updated: 2023-10-30T14:36:23.273Z

Reserved: 2022-12-16T21:19:30.420Z

Link: CVE-2022-4574

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-10-30T15:15:40.080

Modified: 2023-11-08T00:24:33.087

Link: CVE-2022-4574

JSON object: View

cve-icon Redhat Information

No data.

CWE