Vulnerability Description
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | ThinkPad E14 Firmware | < 1.23 |
| Lenovo | ThinkPad E14 | - |
| Lenovo | ThinkPad E14 Gen 2 Firmware | < 1.55 |
| Lenovo | ThinkPad E14 Gen 2 | - |
| Lenovo | ThinkPad E14 Gen 4 Firmware | < 1.18 |
| Lenovo | ThinkPad E14 Gen 4 | - |
| Lenovo | ThinkPad E15 Firmware | < 1.23 |
| Lenovo | ThinkPad E15 | - |
| Lenovo | ThinkPad E15 Gen 2 Firmware | < 1.55 |
| Lenovo | ThinkPad E15 Gen 2 | - |
| Lenovo | ThinkPad E15 Gen 4 Firmware | < 1.18 |
| Lenovo | ThinkPad E15 Gen 4 | - |
| Lenovo | ThinkPad E490 Firmware | < 1.34 |
| Lenovo | ThinkPad E490 | - |
| Lenovo | ThinkPad E490S Firmware | < 1.34 |
| Lenovo | ThinkPad E490S | - |
| Lenovo | ThinkPad E590 Firmware | < 1.34 |
| Lenovo | ThinkPad E590 | - |
| Lenovo | ThinkPad L13 Gen 3 Firmware | < 1.14 |
| Lenovo | ThinkPad L13 Gen 3 | - |
Related Weaknesses (CWE)
References
- https://support.lenovo.com/us/en/product_security/LEN-106014 (Vendor Advisory)
FAQ
What is CVE-2022-48189?
CVE-2022-48189 is a vulnerability with a CVSS score of 6.7 (MEDIUM). An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
How severe is CVE-2022-48189?
CVE-2022-48189 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-48189?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo ThinkPad E14 Firmware, Lenovo ThinkPad E14, Lenovo ThinkPad E14 Gen 2 Firmware, Lenovo ThinkPad E14 Gen 2, Lenovo ThinkPad E14 Gen 4 Firmware.