CVE-2022-1107 — MEDIUM (6.7)

Q: How severe is CVE-2022-1107?

CVE-2022-1107 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-1107?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkpad 11E Firmware, Lenovo Thinkpad 11E, Lenovo Thinkpad Helix Firmware, Lenovo Thinkpad Helix, Lenovo Thinkpad L560 Firmware.

Vulnerability Description

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Lenovo	Thinkpad 11E Firmware	< n15et78w
Lenovo	Thinkpad 11E	-
Lenovo	Thinkpad Helix Firmware	< n17eta8w
Lenovo	Thinkpad Helix	-
Lenovo	Thinkpad L560 Firmware	< n1het85w
Lenovo	Thinkpad L560	-
Lenovo	Thinkpad L570 Firmware	< n1xet65w
Lenovo	Thinkpad L570	-
Lenovo	Thinkpad P50S Firmware	< n1ket46w
Lenovo	Thinkpad P50S	-
Lenovo	Thinkpad P51S Firmware	< n1vet50w
Lenovo	Thinkpad P51S	-
Lenovo	Thinkpad P52S Firmware	< n27et36w
Lenovo	Thinkpad P52S	-
Lenovo	Thinkpad S540 Firmware	< gpet80ww
Lenovo	Thinkpad S540	-
Lenovo	Thinkpad T550 Firmware	< n11et50w
Lenovo	Thinkpad T550	-
Lenovo	Thinkpad T560 Firmware	< n1ket46w
Lenovo	Thinkpad T560	-

Related Weaknesses (CWE)

CWE-20 CWE-269

References

https://support.lenovo.com/us/en/product_security/LEN-84943Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-84943Vendor Advisory

FAQ

What is CVE-2022-1107?

CVE-2022-1107 is a vulnerability with a CVSS score of 6.7 (MEDIUM). During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker ...

How severe is CVE-2022-1107?

CVE-2022-1107 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-1107?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkpad 11E Firmware, Lenovo Thinkpad 11E, Lenovo Thinkpad Helix Firmware, Lenovo Thinkpad Helix, Lenovo Thinkpad L560 Firmware.