Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-1892

A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.7, requiring local system access to exploit with relatively low complexity without requiring user interaction . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 140 products from lenovo, from lenovo, from lenovo and 137 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2023, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2023-01-26T21:15:25.467

Last Modified

2024-11-21T06:41:41.637

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-122
Type: Primary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	100e_2nd_gen_firmware	< frcn23ww	Yes
Hardware	lenovo	100e_2nd_gen	-	No
Operating System	lenovo	100w_gen_3_firmware	< gacn38ww	Yes
Hardware	lenovo	100w_gen_3	-	No
Operating System	lenovo	13w_yoga_firmware	< jacn31ww	Yes
Hardware	lenovo	13w_yoga	-	No
Operating System	lenovo	14w_gen_2_firmware	< h0cn21ww	Yes
Hardware	lenovo	14w_gen_2	-	No
Operating System	lenovo	300e_2nd_gen_firmware	< frcn23ww	Yes
Hardware	lenovo	300e_2nd_gen	-	No
Operating System	lenovo	300w_gen_3_firmware	< gacn38ww	Yes
Hardware	lenovo	300w_gen_3	-	No
Operating System	lenovo	500w_gen_3_firmware	< g6cn40ww	Yes
Hardware	lenovo	500w_gen_3	-	No
Operating System	lenovo	730s-13iml_firmware	< brcn20ww	Yes
Hardware	lenovo	730s-13iml	-	No
Operating System	lenovo	flex_3-11ada05_firmware	< fpcn26ww	Yes
Hardware	lenovo	flex_3-11ada05	-	No
Operating System	lenovo	flex_5-14alc05_firmware	< gjcn27ww	Yes
Hardware	lenovo	flex_5-14alc05	-	No
Operating System	lenovo	flex_5-14are05_firmware	< eecn39ww	Yes
Hardware	lenovo	flex_5-14are05	-	No
Operating System	lenovo	flex_5-14iil05_firmware	< eecn40ww	Yes
Hardware	lenovo	flex_5-14iil05	-	No
Operating System	lenovo	flex_5-14itl05_firmware	< fxcn38ww	Yes
Hardware	lenovo	flex_5-14itl05	-	No
Operating System	lenovo	flex_5-15alc05_firmware	< gjcn27ww	Yes
Hardware	lenovo	flex_5-15alc05	-	No
Operating System	lenovo	flex_5-15iil05_firmware	< eccn40ww	Yes
Hardware	lenovo	flex_5-15iil05	-	No
Operating System	lenovo	flex_5-15itl05_firmware	< fxcn38ww	Yes
Hardware	lenovo	flex_5-15itl05	-	No
Operating System	lenovo	ideapad_1-11ada05_firmware	< fqcn26ww	Yes
Hardware	lenovo	ideapad_1-11ada05	-	No
Operating System	lenovo	ideapad_1-11igl05_firmware	< dwcn24ww	Yes
Hardware	lenovo	ideapad_1-11igl05	-	No
Operating System	lenovo	ideapad_1-14ada05_firmware	< fqcn26ww	Yes
Hardware	lenovo	ideapad_1-14ada05	-	No
Operating System	lenovo	ideapad_1-14igl05_firmware	< dwcn24ww	Yes
Hardware	lenovo	ideapad_1-14igl05	-	No
Operating System	lenovo	ideapad_3-15ada05_firmware	< e8cn36ww	Yes
Hardware	lenovo	ideapad_3-15ada05	-	No
Operating System	lenovo	ideapad_3-14ada05_firmware	< e8cn36ww	Yes
Hardware	lenovo	ideapad_3-14ada05	-	No
Operating System	lenovo	ideapad_3-14ada6_firmware	< hbcn24ww	Yes
Hardware	lenovo	ideapad_3-14ada6	-	No
Operating System	lenovo	ideapad_3-14alc6_firmware	< glcn48ww	Yes
Hardware	lenovo	ideapad_3-14alc6	-	No
Operating System	lenovo	ideapad_3-15ada6_firmware	< hbcn24ww	Yes
Hardware	lenovo	ideapad_3-15ada6	-	No
Operating System	lenovo	ideapad_3-15alc6_firmware	< glcn48ww	Yes
Hardware	lenovo	ideapad_3-15alc6	-	No
Operating System	lenovo	ideapad_3-17alc6_firmware	< e8cn36ww	Yes
Hardware	lenovo	ideapad_3-17alc6	-	No
Operating System	lenovo	ideapad_3-17ada05_firmware	< hbcn24ww	Yes
Hardware	lenovo	ideapad_3-17ada05	-	No
Operating System	lenovo	ideapad_3-17ada6_firmware	< glcn48ww	Yes
Hardware	lenovo	ideapad_3-17ada6	-	No
Operating System	lenovo	ideapad_5_15aba7_firmware	< kacn14ww	Yes
Hardware	lenovo	ideapad_5_15aba7	-	No
Operating System	lenovo	ideapad_flex_5_14alc7_firmware	< jccn29ww	Yes
Hardware	lenovo	ideapad_flex_5_14alc7	-	No
Operating System	lenovo	ideapad_flex_5_16alc7_firmware	< jccn29ww	Yes
Hardware	lenovo	ideapad_flex_5_16alc7	-	No
Operating System	lenovo	legion_s7-15imh5_firmware	< hacn37ww	Yes
Hardware	lenovo	legion_s7-15imh5	-	No
Operating System	lenovo	legion_s7-15ach6_firmware	< g1cn27ww	Yes
Hardware	lenovo	legion_s7-15ach6	-	No
Operating System	lenovo	legion_s7-15arh5_firmware	< fdcn40ww	Yes
Hardware	lenovo	legion_s7-15arh5	-	No
Operating System	lenovo	s145-14api_firmware	< bucn33ww	Yes
Hardware	lenovo	s145-14api	-	No
Operating System	lenovo	s145-14ast_firmware	< aycn28ww	Yes
Hardware	lenovo	s145-14ast	-	No
Operating System	lenovo	s145-15api_firmware	< bucn33ww	Yes
Hardware	lenovo	s145-15api	-	No
Operating System	lenovo	s145-15ast_firmware	< aycn28ww	Yes
Hardware	lenovo	s145-15ast	-	No
Operating System	lenovo	s540-13api_firmware	< cxcn36ww	Yes
Hardware	lenovo	s540-13api	-	No
Operating System	lenovo	ideapad_s940-14iil_firmware	< bqcn34ww	Yes
Hardware	lenovo	ideapad_s940-14iil	-	No
Operating System	lenovo	yoga_s940-14iil_firmware	< bqcn34ww	Yes
Hardware	lenovo	yoga_s940-14iil	-	No
Operating System	lenovo	ideapad_slim_1-14ast-05_firmware	< cwcn25ww	Yes
Hardware	lenovo	ideapad_slim_1-14ast-05	-	No
Operating System	lenovo	ideapad_slim_1-11ast-05_firmware	< cwcn25ww	Yes
Hardware	lenovo	ideapad_slim_1-11ast-05	-	No
Operating System	lenovo	thinkbook_13s_g3_acn_firmware	< gmcn29ww	Yes
Hardware	lenovo	thinkbook_13s_g3_acn	-	No
Operating System	lenovo	thinkbook_13s_g2_are_firmware	< fvcn24ww	Yes
Hardware	lenovo	thinkbook_13s_g2_are	-	No
Operating System	lenovo	thinkbook_13s_g2_itl_firmware	< f9cn50ww	Yes
Hardware	lenovo	thinkbook_13s_g2_itl	-	No
Operating System	lenovo	thinkbook_13s-iml_firmware	< cqcn37ww	Yes
Hardware	lenovo	thinkbook_13s-iml	-	No
Operating System	lenovo	thinkbook_14-iil_firmware	< djcn28ww	Yes
Hardware	lenovo	thinkbook_14-iil	-	No
Operating System	lenovo	thinkbook_14-iml_firmware	< cjcn38ww	Yes
Hardware	lenovo	thinkbook_14-iml	-	No
Operating System	lenovo	thinkbook_14p_g2_ach_firmware	< gwcn41ww	Yes
Hardware	lenovo	thinkbook_14p_g2_ach	-	No
Operating System	lenovo	thinkbook_14s_g2_itl_firmware	< f9cn50ww	Yes
Hardware	lenovo	thinkbook_14s_g2_itl	-	No
Operating System	lenovo	thinkbook_14s-iml_firmware	< cqcn37ww	Yes
Hardware	lenovo	thinkbook_14s-iml	-	No
Operating System	lenovo	thinkbook_15-iil_firmware	< djcn28ww	Yes
Hardware	lenovo	thinkbook_15-iil	-	No
Operating System	lenovo	thinkbook_15-iml_firmware	< cjcn38ww	Yes
Hardware	lenovo	thinkbook_15-iml	-	No
Operating System	lenovo	thinkbook_16p_g2_ach_firmware	< gxcn42ww	Yes
Hardware	lenovo	thinkbook_16p_g2_ach	-	No
Operating System	lenovo	v130-15ikb_firmware	< 8vcn31ww	Yes
Hardware	lenovo	v130-15ikb	-	No
Operating System	lenovo	v14_g2-alc_firmware	< glcn48ww	Yes
Hardware	lenovo	v14_g2-alc	-	No
Operating System	lenovo	v14-ada_firmware	< e8cn36ww	Yes
Hardware	lenovo	v14-ada	-	No
Operating System	lenovo	v15_g2-alc_firmware	< glcn48ww	Yes
Hardware	lenovo	v15_g2-alc	-	No
Operating System	lenovo	v15-ada_firmware	< e8cn36ww	Yes
Hardware	lenovo	v15-ada	-	No
Operating System	lenovo	yoga_9-15imh5_firmware	< epcn28ww	Yes
Hardware	lenovo	yoga_9-15imh5	-	No
Operating System	lenovo	yoga_c640-13iml_firmware	< chcn28ww	Yes
Hardware	lenovo	yoga_c640-13iml	-	No
Operating System	lenovo	yoga_c640-13iml_lte_firmware	< chcn28ww	Yes
Hardware	lenovo	yoga_c640-13iml_lte	-	No
Operating System	lenovo	yoga_c940-15irh_firmware	< bscn37ww	Yes
Hardware	lenovo	yoga_c940-15irh	-	No
Operating System	lenovo	yoga_s730-13iml_firmware	< brcn20ww	Yes
Hardware	lenovo	yoga_s730-13iml	-	No
Operating System	lenovo	yoga_s940-14iil_firmware	< bqcn34ww	Yes
Hardware	lenovo	yoga_s940-14iil	-	No
Operating System	lenovo	yoga_slim_7_pro-14ach5_firmware	< gzcn29ww	Yes
Hardware	lenovo	yoga_slim_7_pro-14ach5	-	No
Operating System	lenovo	yoga_slim_7_pro-14ach5_o_firmware	< gzcn29ww	Yes
Hardware	lenovo	yoga_slim_7_pro-14ach5_o	-	No
Operating System	lenovo	yoga_slim_7_pro-14arh5_firmware	< gzcn24ww	Yes
Hardware	lenovo	yoga_slim_7_pro-14arh5	-	No
Operating System	lenovo	ideapad_5-15alc05_firmware	< h2cn27ww	Yes
Hardware	lenovo	ideapad_5-15alc05	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-91369 Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-91369 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For lenovo's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.