CVE-2022-48189 MEDIUM

CVE-2022-48189

Vendor Lenovo

Product ThinkPad BIOS

Weakness CWE-20 · Input validation

Published October 30, 2023

Last update September 9, 2024

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.

Key dates

02Disclosure timeline

October 30, 2023 CVE published

September 9, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-48189 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

CVE-2022-48189

01Description

02Disclosure timeline

03References

04Related CVE