Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-1107

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

Published

2022-04-22T21:15:10.300

Last Modified

2024-11-21T06:40:03.013

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-20
  • Type: Primary
    CWE-20
    CWE-269
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System lenovo thinkpad_11e_firmware < n15et78w Yes
Hardware lenovo thinkpad_11e - No
Operating System lenovo thinkpad_helix_firmware < n17eta8w Yes
Hardware lenovo thinkpad_helix - No
Operating System lenovo thinkpad_l560_firmware < n1het85w Yes
Hardware lenovo thinkpad_l560 - No
Operating System lenovo thinkpad_l570_firmware < n1xet65w Yes
Hardware lenovo thinkpad_l570 - No
Operating System lenovo thinkpad_p50s_firmware < n1ket46w Yes
Hardware lenovo thinkpad_p50s - No
Operating System lenovo thinkpad_p51s_firmware < n1vet50w Yes
Hardware lenovo thinkpad_p51s - No
Operating System lenovo thinkpad_p52s_firmware < n27et36w Yes
Hardware lenovo thinkpad_p52s - No
Operating System lenovo thinkpad_s540_firmware < gpet80ww Yes
Hardware lenovo thinkpad_s540 - No
Operating System lenovo thinkpad_t550_firmware < n11et50w Yes
Hardware lenovo thinkpad_t550 - No
Operating System lenovo thinkpad_t560_firmware < n1ket46w Yes
Hardware lenovo thinkpad_t560 - No
Operating System lenovo thinkpad_t570_firmware < n1vet50w Yes
Hardware lenovo thinkpad_t570 - No
Operating System lenovo thinkpad_t580_firmware < n27et36w Yes
Hardware lenovo thinkpad_t580 - No
Operating System lenovo thinkpad_x1_tablet_gen_1_firmware < n1let86w Yes
Hardware lenovo thinkpad_x1_tablet_gen_1 - No
Operating System lenovo thinkpad_x1_tablet_gen_2_firmware < n1oet50w Yes
Hardware lenovo thinkpad_x1_tablet_gen_2 - No
Operating System lenovo thinkpad_w540_firmware < gnet92ww Yes
Hardware lenovo thinkpad_w540 - No
Operating System lenovo thinkpad_w541_firmware < gnet92ww Yes
Hardware lenovo thinkpad_w541 - No
Operating System lenovo thinkpad_w550s_firmware < n11et50w Yes
Hardware lenovo thinkpad_w550s - No
Operating System lenovo thinkpad_x1_carbon_3rd_gen_firmware < n14et52w Yes
Hardware lenovo thinkpad_x1_carbon_3rd_gen - No
Operating System lenovo thinkpad_x1_carbon_4th_gen_firmware < n1fet70w Yes
Hardware lenovo thinkpad_x1_carbon_4th_gen - No
Operating System lenovo thinkpad_x1_carbon_5th_gen_kabylake_firmware < n1met55w Yes
Hardware lenovo thinkpad_x1_carbon_5th_gen_kabylake - No
Operating System lenovo thinkpad_x1_carbon_5th_gen_skylake_firmware < n1met55w Yes
Hardware lenovo thinkpad_x1_carbon_5th_gen_skylake - No
Operating System lenovo thinkpad_x1_yoga_firmware < n1fet70w Yes
Hardware lenovo thinkpad_x1_yoga - No
Operating System lenovo thinkpad_x1_yoga_gen_2_firmware < n1net47w Yes
Hardware lenovo thinkpad_x1_yoga_gen_2 - No
Operating System lenovo thinkpad_x1_yoga_gen_3_firmware < n25et50w Yes
Hardware lenovo thinkpad_x1_yoga_gen_3 - No
Operating System lenovo thinkpad_x250_firmware < n10et58w Yes
Hardware lenovo thinkpad_x250 - No
Operating System lenovo thinkpad_x280_firmware < n20et44w Yes
Hardware lenovo thinkpad_x280 - No
Operating System lenovo thinkpad_x390_firmware < n2let60w Yes
Hardware lenovo thinkpad_x390 - No
Operating System lenovo thinkpad_11e_yoga_firmware < n15et78w Yes
Hardware lenovo thinkpad_11e_yoga - No
Operating System lenovo thinkpad_yoga_15_firmware < n19et61w Yes
Hardware lenovo thinkpad_yoga_15 - No
Operating System lenovo thinkpad_yoga_260_firmware < n1get98w Yes
Hardware lenovo thinkpad_yoga_260 - No
References