Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-3431

A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Published

2023-10-09T19:15:09.987

Last Modified

2024-11-21T07:19:30.057

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-276
Type: Primary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	ideapad_creator_5-16ach6_firmware	< gscn34ww	Yes
Hardware	lenovo	ideapad_creator_5-16ach6	-	No
Operating System	lenovo	ideapad_5_pro-16ihu6_firmware	< grcn22ww	Yes
Hardware	lenovo	ideapad_5_pro-16ihu6	-	No
Operating System	lenovo	ideapad_5_pro-16ach6_firmware	< gscn34ww	Yes
Hardware	lenovo	ideapad_5_pro-16ach6	-	No
Operating System	lenovo	yoga_slim_7-13itl05_firmware	< f7cn39ww	Yes
Hardware	lenovo	yoga_slim_7-13itl05	-	No
Operating System	lenovo	yoga_slim_7-13acn05_firmware	< ghcn28ww	Yes
Hardware	lenovo	yoga_slim_7-13acn05	-	No
Operating System	lenovo	yoga_slim_7_pro_16arh7_firmware	< klcn15ww	Yes
Hardware	lenovo	yoga_slim_7_pro_16arh7	-	No
Operating System	lenovo	yoga_slim_7_pro_16ach6_firmware	< hucn16ww	Yes
Hardware	lenovo	yoga_slim_7_pro_16ach6	-	No
Operating System	lenovo	yoga_slim_7_carbon_13itl5_firmware	< f7cn39ww	Yes
Hardware	lenovo	yoga_slim_7_carbon_13itl5	-	No
Operating System	lenovo	yoga_duet_7-13itl6-lte_firmware	< gpcn24ww	Yes
Hardware	lenovo	yoga_duet_7-13itl6-lte	-	No
Operating System	lenovo	yoga_duet_7-13itl6_firmware	< gpcn24ww	Yes
Hardware	lenovo	yoga_duet_7-13itl6	-	No
Operating System	lenovo	yoga_duet_7-13iml05_firmware	< ercn30ww	Yes
Hardware	lenovo	yoga_duet_7-13iml05	-	No
Operating System	lenovo	thinkbook_plus_g3_iap_firmware	< k6cn29ww	Yes
Hardware	lenovo	thinkbook_plus_g3_iap	-	No
Operating System	lenovo	thinkbook_plus_g2_itg_firmware	< gycn31ww	Yes
Hardware	lenovo	thinkbook_plus_g2_itg	-	No
Operating System	lenovo	thinkbook_16p_nx_arh_firmware	< kjcn27ww	Yes
Hardware	lenovo	thinkbook_16p_nx_arh	-	No
Operating System	lenovo	thinkbook_16_g4\+_iap_firmware	< hycn40ww	Yes
Hardware	lenovo	thinkbook_16_g4\+_iap	-	No
Operating System	lenovo	thinkbook_16_g4\+_ara_firmware	< j6cn40ww	Yes
Hardware	lenovo	thinkbook_16_g4\+_ara	-	No
Operating System	lenovo	thinkbook_14_g4\+_iap_firmware	< hycn40ww	Yes
Hardware	lenovo	thinkbook_14_g4\+_iap	-	No
Operating System	lenovo	thinkbook_14_g4\+_ara_firmware	< j6cn40ww	Yes
Hardware	lenovo	thinkbook_14_g4\+_ara	-	No
Operating System	lenovo	thinkbook_13x_itg_firmware	< hlcn30ww	Yes
Hardware	lenovo	thinkbook_13x_itg	-	No
Operating System	lenovo	ideapad_slim_7_pro_16ach6_firmware	< hucn16ww	Yes
Hardware	lenovo	ideapad_slim_7_pro_16ach6	-	No
Operating System	lenovo	s540-15iml_firmware	< cncn22ww	Yes
Hardware	lenovo	s540-15iml	-	No
Operating System	lenovo	slim_7_16arh7_firmware	< klcn15ww	Yes
Hardware	lenovo	slim_7_16arh7	-	No
Operating System	lenovo	ideapad_duet_3_10igl5_firmware	< eqcn37ww	Yes
Hardware	lenovo	ideapad_duet_3_10igl5	-	No
Operating System	lenovo	ideapad_5_pro_16arh7_firmware	< j4cn33ww	Yes
Hardware	lenovo	ideapad_5_pro_16arh7	-	No
Operating System	lenovo	d330-10igl_firmware	< g0cn11ww	Yes
Hardware	lenovo	d330-10igl	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-94952 Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-94952 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)