Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-3745

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 4.4, requiring local system access to exploit with relatively low complexity without requiring user interaction . The vulnerability impacts confidentiality (data exposure), for affected systems. Impacting 174 products from lenovo, from lenovo, from lenovo and 171 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2023, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2023-08-23T20:15:08.660

Last Modified

2024-11-21T07:20:09.750

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	ideapad_1_14iau7_firmware	< jkcn34ww	Yes
Hardware	lenovo	ideapad_1_14iau7	-	No
Operating System	lenovo	ideapad_1_14igl7_firmware	< kkcn15ww	Yes
Hardware	lenovo	ideapad_1_14igl7	-	No
Operating System	lenovo	ideapad_1_15iau7_firmware	< jkcn34ww	Yes
Hardware	lenovo	ideapad_1_15iau7	-	No
Operating System	lenovo	ideapad_1_15igl7_firmware	< kkcn15ww	Yes
Hardware	lenovo	ideapad_1_15igl7	-	No
Operating System	lenovo	ideapad_1-14ijl7_firmware	< htcn31ww	Yes
Hardware	lenovo	ideapad_1-14ijl7	-	No
Operating System	lenovo	ideapad_1-15ijl7_firmware	< htcn31ww	Yes
Hardware	lenovo	ideapad_1-15ijl7	-	No
Operating System	lenovo	ideapad_3_14iau7_firmware	< jkcn34ww	Yes
Hardware	lenovo	ideapad_3_14iau7	-	No
Operating System	lenovo	ideapad_3_15iau7_firmware	< jkcn34ww	Yes
Hardware	lenovo	ideapad_3_15iau7	-	No
Operating System	lenovo	ideapad_3_17iau7_firmware	< jkcn34ww	Yes
Hardware	lenovo	ideapad_3_17iau7	-	No
Operating System	lenovo	ideapad_3-15igl05_firmware	< dvcn28ww	Yes
Hardware	lenovo	ideapad_3-15igl05	-	No
Operating System	lenovo	ideapad_3-17iil05_firmware	< emcn56ww	Yes
Hardware	lenovo	ideapad_3-17iil05	-	No
Operating System	lenovo	ideapad_3-17itl6_firmware	< ggcn51ww	Yes
Hardware	lenovo	ideapad_3-17itl6	-	No
Operating System	lenovo	ideapad_5_15ial7_firmware	< jbcn27ww	Yes
Hardware	lenovo	ideapad_5_15ial7	-	No
Operating System	lenovo	ideapad_5-15itl05_firmware	< fhcn70ww	Yes
Hardware	lenovo	ideapad_5-15itl05	-	No
Operating System	lenovo	l3-15iml05_firmware	< ejcn30ww	Yes
Hardware	lenovo	l3-15iml05	-	No
Operating System	lenovo	l3-15itl6_firmware	< gfcn29ww	Yes
Hardware	lenovo	l3-15itl6	-	No
Operating System	lenovo	legion_5_15iah7_firmware	< j2cn49ww	Yes
Hardware	lenovo	legion_5_15iah7	-	No
Operating System	lenovo	legion_5_15iah7h_firmware	< j2cn49ww	Yes
Hardware	lenovo	legion_5_15iah7h	-	No
Operating System	lenovo	legion_5_pro_16iah7_firmware	< j2cn49ww	Yes
Hardware	lenovo	legion_5_pro_16iah7	-	No
Operating System	lenovo	legion_5_pro_16iah7h_firmware	< j2cn49ww	Yes
Hardware	lenovo	legion_5_pro_16iah7h	-	No
Operating System	lenovo	legion_5_pro-16ith6_firmware	< h1cn52ww	Yes
Hardware	lenovo	legion_5_pro-16ith6	-	No
Operating System	lenovo	legion_5_pro-16ith6h_firmware	< h1cn52ww	Yes
Hardware	lenovo	legion_5_pro-16ith6h	-	No
Operating System	lenovo	legion_5-15imh05_firmware	< efcn58ww	Yes
Hardware	lenovo	legion_5-15imh05	-	No
Operating System	lenovo	legion_5-15imh05h_firmware	< efcn58ww	Yes
Hardware	lenovo	legion_5-15imh05h	-	No
Operating System	lenovo	legion_5-15imh6_firmware	< g8cn22ww	Yes
Hardware	lenovo	legion_5-15imh6	-	No
Operating System	lenovo	legion_5-15ith6_firmware	< h1cn52ww	Yes
Hardware	lenovo	legion_5-15ith6	-	No
Operating System	lenovo	legion_5-15ith6h_firmware	< h1cn52ww	Yes
Hardware	lenovo	legion_5-15ith6h	-	No
Operating System	lenovo	legion_5-17imh05_firmware	< efcn58ww	Yes
Hardware	lenovo	legion_5-17imh05	-	No
Operating System	lenovo	legion_5-17imh05h_firmware	< efcn58ww	Yes
Hardware	lenovo	legion_5-17imh05h	-	No
Operating System	lenovo	legion_5-17ith6_firmware	< h1cn52ww	Yes
Hardware	lenovo	legion_5-17ith6	-	No
Operating System	lenovo	legion_5-17ith6h_firmware	< h1cn52ww	Yes
Hardware	lenovo	legion_5-17ith6h	-	No
Operating System	lenovo	legion_5p-15imh05_firmware	< efcn58ww	Yes
Hardware	lenovo	legion_5p-15imh05	-	No
Operating System	lenovo	legion_5p-15imh05h_firmware	< efcn58ww	Yes
Hardware	lenovo	legion_5p-15imh05h	-	No
Operating System	lenovo	legion_7_16iax7_firmware	< k1cn40ww	Yes
Hardware	lenovo	legion_7_16iax7	-	No
Operating System	lenovo	legion_7-16ithg6_firmware	< h1cn52ww	Yes
Hardware	lenovo	legion_7-16ithg6	-	No
Operating System	lenovo	s14_g2_itl_firmware	< ggcn51ww	Yes
Hardware	lenovo	s14_g2_itl	-	No
Operating System	lenovo	s14_g3_iap_firmware	< jkcn34ww	Yes
Hardware	lenovo	s14_g3_iap	-	No
Operating System	lenovo	slim_7_14iap7_firmware	< jhcn28ww	Yes
Hardware	lenovo	slim_7_14iap7	-	No
Operating System	lenovo	slim_7_carbon_13iap7_firmware	< k2cn34ww	Yes
Hardware	lenovo	slim_7_carbon_13iap7	-	No
Operating System	lenovo	slim_7_prox_14iah7_firmware	< hmcn41ww	Yes
Hardware	lenovo	slim_7_prox_14iah7	-	No
Operating System	lenovo	slim_9_14iap7_firmware	< j3cn49ww	Yes
Hardware	lenovo	slim_9_14iap7	-	No
Operating System	lenovo	thinkbook_15p_imh_firmware	< f6cn26ww	Yes
Hardware	lenovo	thinkbook_15p_imh	-	No
Operating System	lenovo	v14_g2_ijl_firmware	< htcn31ww	Yes
Hardware	lenovo	v14_g2_ijl	-	No
Operating System	lenovo	v14_g3_iap_firmware	< jkcn34ww	Yes
Hardware	lenovo	v14_g3_iap	-	No
Operating System	lenovo	v15_g2_ijl_firmware	< htcn31ww	Yes
Hardware	lenovo	v15_g2_ijl	-	No
Operating System	lenovo	v15_g3_iap_firmware	< jkcn34ww	Yes
Hardware	lenovo	v15_g3_iap	-	No
Operating System	lenovo	v17_g3_iap_firmware	< jkcn34ww	Yes
Hardware	lenovo	v17_g3_iap	-	No
Operating System	lenovo	s540-13itl_firmware	< fzcn26ww	Yes
Hardware	lenovo	s540-13itl	-	No
Operating System	lenovo	slim_7_pro-14ihu5_firmware	< fjcn74ww	Yes
Hardware	lenovo	slim_7_pro-14ihu5	-	No
Operating System	lenovo	slim_9-14itl05_firmware	< escn56ww	Yes
Hardware	lenovo	slim_9-14itl05	-	No
Operating System	lenovo	thinkbook_15p_g2_ith_firmware	< hjcn32ww	Yes
Hardware	lenovo	thinkbook_15p_g2_ith	-	No
Operating System	lenovo	v14_g1-iml_firmware	< dxcn44ww	Yes
Hardware	lenovo	v14_g1-iml	-	No
Operating System	lenovo	v14_g2-itl_firmware	< ggcn51ww	Yes
Hardware	lenovo	v14_g2-itl	-	No
Operating System	lenovo	v14-igl_firmware	< dvcn28ww	Yes
Hardware	lenovo	v14-igl	-	No
Operating System	lenovo	v15_g1-iml_firmware	< dxcn44ww	Yes
Hardware	lenovo	v15_g1-iml	-	No
Operating System	lenovo	v15_g2-itl_firmware	< ggcn51ww	Yes
Hardware	lenovo	v15_g2-itl	-	No
Operating System	lenovo	v15-igl_firmware	< dvcn28ww	Yes
Hardware	lenovo	v15-igl	-	No
Operating System	lenovo	v17_g2-itl_firmware	< ggcn51ww	Yes
Hardware	lenovo	v17_g2-itl	-	No
Operating System	lenovo	v17-iil_firmware	< emcn56ww	Yes
Hardware	lenovo	v17-iil	-	No
Operating System	lenovo	yoga_7_14ial7_firmware	< j1cn35ww	Yes
Hardware	lenovo	yoga_7_14ial7	-	No
Operating System	lenovo	yoga_7_16iah7_firmware	< j1cn35ww	Yes
Hardware	lenovo	yoga_7_16iah7	-	No
Operating System	lenovo	yoga_7_16iap7_firmware	< j1cn35ww	Yes
Hardware	lenovo	yoga_7_16iap7	-	No
Operating System	lenovo	yoga_7-14itl5_firmware	< f5cn59ww	Yes
Hardware	lenovo	yoga_7-14itl5	-	No
Operating System	lenovo	yoga_7-15itl5_firmware	< f5cn59ww	Yes
Hardware	lenovo	yoga_7-15itl5	-	No
Operating System	lenovo	yoga_9_14iap7_firmware	< hncn42ww	Yes
Hardware	lenovo	yoga_9_14iap7	-	No
Operating System	lenovo	yoga_slim_7_carbon_13iap7_firmware	< k2cn34ww	Yes
Hardware	lenovo	yoga_slim_7_carbon_13iap7	-	No
Operating System	lenovo	yoga_slim_7_pro_14iah7_firmware	< krcn14ww	Yes
Hardware	lenovo	yoga_slim_7_pro_14iah7	-	No
Operating System	lenovo	yoga_slim_7_pro_14iap7_firmware	< jhcn28ww	Yes
Hardware	lenovo	yoga_slim_7_pro_14iap7	-	No
Operating System	lenovo	yoga_slim_7_pro-14ihu5_firmware	< fjcn74ww	Yes
Hardware	lenovo	yoga_slim_7_pro-14ihu5	-	No
Operating System	lenovo	yoga_slim_7_pro-14ihu5_o_firmware	< fjcn74ww	Yes
Hardware	lenovo	yoga_slim_7_pro-14ihu5_o	-	No
Operating System	lenovo	yoga_slim_7_pro-14itl5_firmware	< fjcn74ww	Yes
Hardware	lenovo	yoga_slim_7_pro-14itl5	-	No
Operating System	lenovo	yoga_slim_7_prox_14iah7_firmware	< hmcn41ww	Yes
Hardware	lenovo	yoga_slim_7_prox_14iah7	-	No
Operating System	lenovo	yoga_slim_9_14iap7_firmware	< j3cn49ww	Yes
Hardware	lenovo	yoga_slim_9_14iap7	-	No
Operating System	lenovo	yoga_slim_9-14itl05_firmware	< escn56ww	Yes
Hardware	lenovo	yoga_slim_9-14itl05	-	No
Operating System	lenovo	ideapad_3-14igl05_firmware	< dvcn28ww	Yes
Hardware	lenovo	ideapad_3-14igl05	-	No
Operating System	lenovo	ideapad_3-14iil05_firmware	< emcn56ww	Yes
Hardware	lenovo	ideapad_3-14iil05	-	No
Operating System	lenovo	ideapad_3-14iml05_firmware	< dxcn44ww	Yes
Hardware	lenovo	ideapad_3-14iml05	-	No
Operating System	lenovo	ideapad_3-14itl05_firmware	< gccn32ww	Yes
Hardware	lenovo	ideapad_3-14itl05	-	No
Operating System	lenovo	ideapad_3-14itl6_firmware	< ggcn51ww	Yes
Hardware	lenovo	ideapad_3-14itl6	-	No
Operating System	lenovo	ideapad_3-15iil05_firmware	< emcn56ww	Yes
Hardware	lenovo	ideapad_3-15iil05	-	No
Operating System	lenovo	ideapad_3-15iml05_firmware	< dxcn44ww	Yes
Hardware	lenovo	ideapad_3-15iml05	-	No
Operating System	lenovo	ideapad_3-15itl05_firmware	< gccn32ww	Yes
Hardware	lenovo	ideapad_3-15itl05	-	No
Operating System	lenovo	ideapad_3-15itl6_firmware	< ggcn51ww	Yes
Hardware	lenovo	ideapad_3-15itl6	-	No
Operating System	lenovo	ideapad_3-17iml05_firmware	< dxcn44ww	Yes
Hardware	lenovo	ideapad_3-17iml05	-	No
Operating System	lenovo	ideapad_5-15iil05_firmware	< dpcn58ww	Yes
Hardware	lenovo	ideapad_5-15iil05	-	No
Operating System	lenovo	ideapad_creator_5-15imh05_firmware	< egcn40ww	Yes
Hardware	lenovo	ideapad_creator_5-15imh05	-	No
Operating System	lenovo	ideapad_gaming_3-15imh05_firmware	< egcn40ww	Yes
Hardware	lenovo	ideapad_gaming_3-15imh05	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-103710 Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-103710 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For lenovo's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.