CVE-2022-40134

Vulnerability Description

An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

CVSS Score

4.4 (MEDIUM)

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: NONE

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Lenovo | Ideacentre C5-14Imb05 Firmware | o4hkt38a |
| Lenovo | Ideacentre C5-14Imb05 | - |
| Lenovo | Thinkcentre E96Z Firmware | m26kt22a |
| Lenovo | Thinkcentre E96Z | - |
| Lenovo | Ideacentre 3 07Iab7 Firmware | m49kt1da |
| Lenovo | Ideacentre 3 07Iab7 | - |
| Lenovo | Ideacentre 3-07Imb05 Firmware | m2vkt1da |
| Lenovo | Ideacentre 3-07Imb05 | - |
| Lenovo | Ideacentre 5 14Iab7 Firmware | m42kt40a |
| Lenovo | Ideacentre 5 14Iab7 | - |
| Lenovo | Ideacentre 5-14Acn6 Firmware | o5ekt21a |
| Lenovo | Ideacentre 5-14Acn6 | - |
| Lenovo | Ideacentre 5-14Imb05 Firmware | o4hkt38a |
| Lenovo | Ideacentre 5-14Imb05 | - |
| Lenovo | Ideacentre 5-14Iob6 Firmware | m3gkt33a |
| Lenovo | Ideacentre 5-14Iob6 | - |
| Lenovo | Ideacentre Creator 5-14Iob6 Firmware | m3gkt33a |
| Lenovo | Ideacentre Creator 5-14Iob6 | - |
| Lenovo | Ideacentre G5-14Imb05 Firmware | o4hkt38a |
| Lenovo | Ideacentre G5-14Imb05 | - |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2022-40134?

CVE-2022-40134 is a vulnerability with a CVSS score of 4.4 (MEDIUM). An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

How severe is CVE-2022-40134?

CVE-2022-40134 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2022-40134?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Ideacentre C5-14Imb05 Firmware, Lenovo Ideacentre C5-14Imb05, Lenovo Thinkcentre E96Z Firmware, Lenovo Thinkcentre E96Z, Lenovo Ideacentre 3 07Iab7 Firmware.