CVE-2022-40135 — MEDIUM (4.4)

Q: What is CVE-2022-40135?

CVE-2022-40135 is a vulnerability with a CVSS score of 4.4 (MEDIUM). An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

Q: How severe is CVE-2022-40135?

CVE-2022-40135 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-40135?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Ideacentre C5-14Imb05 Firmware, Lenovo Ideacentre C5-14Imb05, Lenovo Thinkcentre E96Z Firmware, Lenovo Thinkcentre E96Z, Lenovo Ideacentre 3 07Iab7 Firmware.

Vulnerability Description

An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

CVSS Score

4.4

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Lenovo	Ideacentre C5-14Imb05 Firmware	< o4hkt38a
Lenovo	Ideacentre C5-14Imb05	-
Lenovo	Thinkcentre E96Z Firmware	< m26kt22a
Lenovo	Thinkcentre E96Z	-
Lenovo	Ideacentre 3 07Iab7 Firmware	< m49kt1da
Lenovo	Ideacentre 3 07Iab7	-
Lenovo	Ideacentre 3-07Imb05 Firmware	< m2vkt1da
Lenovo	Ideacentre 3-07Imb05	-
Lenovo	Ideacentre 5 14Iab7 Firmware	< m42kt40a
Lenovo	Ideacentre 5 14Iab7	-
Lenovo	Ideacentre 5-14Acn6 Firmware	< o5ekt21a
Lenovo	Ideacentre 5-14Acn6	-
Lenovo	Ideacentre 5-14Imb05 Firmware	< o4hkt38a
Lenovo	Ideacentre 5-14Imb05	-
Lenovo	Ideacentre 5-14Iob6 Firmware	< m3gkt33a
Lenovo	Ideacentre 5-14Iob6	-
Lenovo	Ideacentre Creator 5-14Iob6 Firmware	<= m3gkt33a
Lenovo	Ideacentre Creator 5-14Iob6	-
Lenovo	Ideacentre G5-14Imb05 Firmware	< o4hkt38a
Lenovo	Ideacentre G5-14Imb05	-

Related Weaknesses (CWE)

CWE-125

References

https://support.lenovo.com/us/en/product_security/LEN-94953Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-94953Vendor Advisory

FAQ

What is CVE-2022-40135?

CVE-2022-40135 is a vulnerability with a CVSS score of 4.4 (MEDIUM). An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

How severe is CVE-2022-40135?

CVE-2022-40135 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-40135?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Ideacentre C5-14Imb05 Firmware, Lenovo Ideacentre C5-14Imb05, Lenovo Thinkcentre E96Z Firmware, Lenovo Thinkcentre E96Z, Lenovo Ideacentre 3 07Iab7 Firmware.