CVE-2022-48188 — MEDIUM (6.7)

Q: How severe is CVE-2022-48188?

CVE-2022-48188 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-48188?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Ideacentre Aio 3 21Itl7 Firmware, Lenovo Ideacentre Aio 3 21Itl7, Lenovo Ideacentre Aio 3-22Itl6 Firmware, Lenovo Ideacentre Aio 3-22Itl6, Lenovo Ideacentre Aio 3-24Itl6 Firmware.

Vulnerability Description

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Lenovo	Ideacentre Aio 3 21Itl7 Firmware	< o5akt33
Lenovo	Ideacentre Aio 3 21Itl7	-
Lenovo	Ideacentre Aio 3-22Itl6 Firmware	< o5akt33
Lenovo	Ideacentre Aio 3-22Itl6	-
Lenovo	Ideacentre Aio 3-24Itl6 Firmware	< o5akt33
Lenovo	Ideacentre Aio 3-24Itl6	-
Lenovo	Ideacentre Aio 3-27Itl6 Firmware	< o5akt33
Lenovo	Ideacentre Aio 3-27Itl6	-
Lenovo	Thinkcentre M720E Firmware	< m1zkt40a
Lenovo	Thinkcentre M720E	-
Lenovo	Thinkcentre M720Q Firmware	< m1ukt70a
Lenovo	Thinkcentre M720Q	-
Lenovo	Thinkcentre M720S Firmware	< m1ukt70a
Lenovo	Thinkcentre M720S	-
Lenovo	Thinkcentre M720T Firmware	< m1ukt70a
Lenovo	Thinkcentre M720T	-
Lenovo	Thinkcentre M725S Firmware	< m25kt63a
Lenovo	Thinkcentre M725S	-
Lenovo	Thinkcentre M75S Gen 2 Firmware	< m46kt30a
Lenovo	Thinkcentre M75S Gen 2	-

Related Weaknesses (CWE)

CWE-787

References

https://support.lenovo.com/us/en/product_security/LEN-124495Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-124495Vendor Advisory

FAQ

What is CVE-2022-48188?

CVE-2022-48188 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitra...

How severe is CVE-2022-48188?

CVE-2022-48188 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-48188?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Ideacentre Aio 3 21Itl7 Firmware, Lenovo Ideacentre Aio 3 21Itl7, Lenovo Ideacentre Aio 3-22Itl6 Firmware, Lenovo Ideacentre Aio 3-22Itl6, Lenovo Ideacentre Aio 3-24Itl6 Firmware.