CVE-2022-1107 - OpenCVE

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lenovo	Thinkpad 11e Thinkpad 11e Firmware Thinkpad 11e Yoga Thinkpad 11e Yoga Firmware Thinkpad Helix Thinkpad Helix Firmware Thinkpad L560 Thinkpad L560 Firmware Thinkpad L570 Thinkpad L570 Firmware Thinkpad P50s Thinkpad P50s Firmware Thinkpad P51s Thinkpad P51s Firmware Thinkpad P52s Thinkpad P52s Firmware Thinkpad S540 Thinkpad S540 Firmware Thinkpad T550 Thinkpad T550 Firmware Thinkpad T560 Thinkpad T560 Firmware Thinkpad T570 Thinkpad T570 Firmware Thinkpad T580 Thinkpad T580 Firmware Thinkpad W540 Thinkpad W540 Firmware Thinkpad W541 Thinkpad W541 Firmware Thinkpad W550s Thinkpad W550s Firmware Thinkpad X1 Carbon 3rd Gen Thinkpad X1 Carbon 3rd Gen Firmware Thinkpad X1 Carbon 4th Gen Thinkpad X1 Carbon 4th Gen Firmware Thinkpad X1 Carbon 5th Gen Kabylake Thinkpad X1 Carbon 5th Gen Kabylake Firmware Thinkpad X1 Carbon 5th Gen Skylake Thinkpad X1 Carbon 5th Gen Skylake Firmware Thinkpad X1 Tablet Gen 1 Thinkpad X1 Tablet Gen 1 Firmware Thinkpad X1 Tablet Gen 2 Thinkpad X1 Tablet Gen 2 Firmware Thinkpad X1 Yoga Thinkpad X1 Yoga Firmware Thinkpad X1 Yoga Gen 2 Thinkpad X1 Yoga Gen 2 Firmware Thinkpad X1 Yoga Gen 3 Thinkpad X1 Yoga Gen 3 Firmware Thinkpad X250 Thinkpad X250 Firmware Thinkpad X280 Thinkpad X280 Firmware Thinkpad X390 Thinkpad X390 Firmware Thinkpad Yoga 15 Thinkpad Yoga 15 Firmware Thinkpad Yoga 260 Thinkpad Yoga 260 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:lenovo:thinkpad_11e:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:thinkpad_11e_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:lenovo:thinkpad_helix:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:thinkpad_helix_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:lenovo:thinkpad_l560:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:thinkpad_l560_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:lenovo:thinkpad_l570:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:thinkpad_l570_firmware:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:lenovo:thinkpad_p50s:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:thinkpad_p50s_firmware:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:lenovo:thinkpad_p51s:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:thinkpad_p51s_firmware:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:lenovo:thinkpad_p52s:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:thinkpad_p52s_firmware:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:h:lenovo:thinkpad_s540:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:thinkpad_s540_firmware:*:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t550:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t560_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t560:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t570_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t570:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t580_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t580:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_tablet_gen_1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_tablet_gen_1:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_tablet_gen_2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_tablet_gen_2:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:lenovo:thinkpad_w540_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_w540:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:lenovo:thinkpad_w541_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_w541:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:lenovo:thinkpad_w550s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_w550s:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_3rd_gen_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_carbon_3rd_gen:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_4th_gen_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_carbon_4th_gen:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_5th_gen_kabylake_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_carbon_5th_gen_kabylake:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_5th_gen_skylake_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_carbon_5th_gen_skylake:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_yoga_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_yoga:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_yoga_gen_2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_yoga_gen_2:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_yoga_gen_3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_yoga_gen_3:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x250:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x280_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x280:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x390_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x390:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:lenovo:thinkpad_11e_yoga_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_11e_yoga:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:lenovo:thinkpad_yoga_15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_yoga_15:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:lenovo:thinkpad_yoga_260_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_yoga_260:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.lenovo.com/us/en/product_security/LEN-84943

History

No history.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2022-04-22T20:30:50

Updated: 2024-08-02T23:55:24.201Z

Reserved: 2022-03-27T00:00:00

Link: CVE-2022-1107

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-04-22T21:15:10.300

Modified: 2022-05-12T13:42:48.583

Link: CVE-2022-1107

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object