CVE-2022-4575 MEDIUM

CVE-2022-4575

Vendor Lenovo
Product ThinkPad BIOS
Weakness CWE-276
Published October 30, 2023
Last update August 3, 2024

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.

Key dates

02Disclosure timeline

October 30, 2023 CVE published
August 3, 2024 Record updated