CVE-2022-1107 MEDIUM

CVE-2022-1107

Vendor Lenovo

Product ThinkPad BIOS

Weakness CWE-20 · Input validation

Published April 22, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

Key dates

02Disclosure timeline

April 22, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1107 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

04Related CVE

CVE-2024-26127 Adobe Experience Manager | Improper Input Validation (CWE-20) CVE-2025-66451 LibreChat's Improper Input Validation in Prompt Creation API Enables Unauthorized Permission Changes CVE-2023-42661 JFrog Artifactory Improper input validation leads to arbitrary file write CVE-2020-3322 Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability CVE-2021-37909 CHANGING Inc. TSSServiSignAdapter Windows Versions - Improper Input Validation