Vulnerability Description
An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Ideacentre C5-14Imb05 Firmware | < o4hkt38a |
| Lenovo | Ideacentre C5-14Imb05 | - |
| Lenovo | Thinkcentre E96Z Firmware | < m26kt22a |
| Lenovo | Thinkcentre E96Z | - |
| Lenovo | Ideacentre 3 07Iab7 Firmware | < m49kt1da |
| Lenovo | Ideacentre 3 07Iab7 | - |
| Lenovo | Ideacentre 3-07Imb05 Firmware | < m2vkt1da |
| Lenovo | Ideacentre 3-07Imb05 | - |
| Lenovo | Ideacentre 5 14Iab7 Firmware | < m42kt40a |
| Lenovo | Ideacentre 5 14Iab7 | - |
| Lenovo | Ideacentre 5-14Acn6 Firmware | < o5ekt21a |
| Lenovo | Ideacentre 5-14Acn6 | - |
| Lenovo | Ideacentre 5-14Imb05 Firmware | < o4hkt38a |
| Lenovo | Ideacentre 5-14Imb05 | - |
| Lenovo | Ideacentre 5-14Iob6 Firmware | < m3gkt33a |
| Lenovo | Ideacentre 5-14Iob6 | - |
| Lenovo | Ideacentre Creator 5-14Iob6 Firmware | <= m3gkt33a |
| Lenovo | Ideacentre Creator 5-14Iob6 | - |
| Lenovo | Ideacentre G5-14Imb05 Firmware | < o4hkt38a |
| Lenovo | Ideacentre G5-14Imb05 | - |
Related Weaknesses (CWE)
References
- https://support.lenovo.com/us/en/product_security/LEN-94953Vendor Advisory
- https://support.lenovo.com/us/en/product_security/LEN-94953Vendor Advisory
FAQ
What is CVE-2022-40136?
CVE-2022-40136 is a vulnerability with a CVSS score of 4.4 (MEDIUM). An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
How severe is CVE-2022-40136?
CVE-2022-40136 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-40136?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Ideacentre C5-14Imb05 Firmware, Lenovo Ideacentre C5-14Imb05, Lenovo Thinkcentre E96Z Firmware, Lenovo Thinkcentre E96Z, Lenovo Ideacentre 3 07Iab7 Firmware.