CVE-2022-4575 — MEDIUM (6.7)

Q: How severe is CVE-2022-4575?

CVE-2022-4575 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-4575?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkpad 25 Firmware, Lenovo Thinkpad 25, Lenovo Thinkpad L560 Firmware, Lenovo Thinkpad L560, Lenovo Thinkpad P50 Firmware.

Vulnerability Description

A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Lenovo	Thinkpad 25 Firmware	< 1.73
Lenovo	Thinkpad 25	-
Lenovo	Thinkpad L560 Firmware	< 1.62
Lenovo	Thinkpad L560	-
Lenovo	Thinkpad P50 Firmware	< 1.71
Lenovo	Thinkpad P50	-
Lenovo	Thinkpad P50S Firmware	< 1.45
Lenovo	Thinkpad P50S	-
Lenovo	Thinkpad P70 Firmware	< 2.45
Lenovo	Thinkpad P70	-
Lenovo	Thinkpad T470 Firmware	< 1.73
Lenovo	Thinkpad T470	-
Lenovo	Thinkpad T470S Firmware	< 1.49
Lenovo	Thinkpad T470S	-
Lenovo	Thinkpad T560 Firmware	< 1.45
Lenovo	Thinkpad T560	-
Lenovo	Thinkpad X1 Carbon 4Th Gen Firmware	< 1.56
Lenovo	Thinkpad X1 Carbon 4Th Gen	-
Lenovo	Thinkpad X1 Yoga 1St Gen Firmware	< 1.56
Lenovo	Thinkpad X1 Yoga 1St Gen	-

Related Weaknesses (CWE)

CWE-276

References

https://support.lenovo.com/us/en/product_security/LEN-106014Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-106014Vendor Advisory

FAQ

What is CVE-2022-4575?

CVE-2022-4575 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the a...

How severe is CVE-2022-4575?

CVE-2022-4575 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-4575?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkpad 25 Firmware, Lenovo Thinkpad 25, Lenovo Thinkpad L560 Firmware, Lenovo Thinkpad L560, Lenovo Thinkpad P50 Firmware.