Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-4575

A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.

Published

2023-10-30T15:15:40.493

Last Modified

2024-11-21T07:35:31.517

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-276
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System lenovo thinkpad_25_firmware < 1.73 Yes
Hardware lenovo thinkpad_25 - No
Operating System lenovo thinkpad_l560_firmware < 1.62 Yes
Hardware lenovo thinkpad_l560 - No
Operating System lenovo thinkpad_p50_firmware < 1.71 Yes
Hardware lenovo thinkpad_p50 - No
Operating System lenovo thinkpad_p50s_firmware < 1.45 Yes
Hardware lenovo thinkpad_p50s - No
Operating System lenovo thinkpad_p70_firmware < 2.45 Yes
Hardware lenovo thinkpad_p70 - No
Operating System lenovo thinkpad_t470_firmware < 1.73 Yes
Hardware lenovo thinkpad_t470 - No
Operating System lenovo thinkpad_t470s_firmware < 1.49 Yes
Hardware lenovo thinkpad_t470s - No
Operating System lenovo thinkpad_t560_firmware < 1.45 Yes
Hardware lenovo thinkpad_t560 - No
Operating System lenovo thinkpad_x1_carbon_4th_gen_firmware < 1.56 Yes
Hardware lenovo thinkpad_x1_carbon_4th_gen - No
Operating System lenovo thinkpad_x1_yoga_1st_gen_firmware < 1.56 Yes
Hardware lenovo thinkpad_x1_yoga_1st_gen - No
Operating System lenovo thinkpad_x260_firmware < 1.50 Yes
Hardware lenovo thinkpad_x260 - No
Operating System lenovo thinkpad_x270_firmware < 1.47 Yes
Hardware lenovo thinkpad_x270 - No
Operating System lenovo thinkpad_yoga_260_firmware < 1.88 Yes
Hardware lenovo thinkpad_yoga_260 - No
References