CVE-2022-48181 MEDIUM

CVE-2022-48181

Vendor Lenovo
Product ThinkStation BIOS
Weakness CWE-787
Published June 5, 2023
Last update January 8, 2025

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.

Key dates

02Disclosure timeline

June 5, 2023 CVE published
January 8, 2025 Record updated