CVE-2022-4575 - OpenCVE

A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	Thinkpad P50 Firmware Thinkpad P70 Thinkpad X270 Thinkpad Yoga 260 Firmware Thinkpad P70 Firmware Thinkpad L560 Thinkpad 25 Firmware Thinkpad X270 Firmware Thinkpad P50s Firmware Thinkpad P50 Thinkpad Yoga 260 Thinkpad P50s Thinkpad X1 Yoga 1st Gen Firmware Thinkpad L560 Firmware Thinkpad X1 Carbon 4th Gen Firmware Thinkpad X260 Thinkpad T470 Firmware Thinkpad T470 Thinkpad T560 Firmware Thinkpad T560 Thinkpad T470s Firmware Thinkpad X1 Carbon 4th Gen Thinkpad T470s Thinkpad 25 Thinkpad X260 Firmware Thinkpad X1 Yoga 1st Gen

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:thinkpad_25_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_25:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l560_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_l560:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:thinkpad_p50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_p50:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:thinkpad_p50s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_p50s:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:lenovo:thinkpad_p70_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_p70:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t470_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t470:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t470s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t470s:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t560_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t560:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_4th_gen_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_carbon_4th_gen:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_yoga_1st_gen_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_yoga_1st_gen:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x260_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x260:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x270_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x270:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:lenovo:thinkpad_yoga_260_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_yoga_260:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-106014	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2023-10-30T14:42:29.795Z

Updated: 2023-10-30T14:42:29.795Z

Reserved: 2022-12-16T21:26:17.285Z

Link: CVE-2022-4575

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-30T15:15:40.493

Modified: 2023-11-08T00:24:18.470

Link: CVE-2022-4575

JSON object: View

Redhat Information

No data.

CWE

CWE-276