CVE-2022-1107 - Vulnerability Details

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00032.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Lenovo

ThinkPad BIOS

affected

Version	Status	Constraints
`various`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:thinkpad_11e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_11e:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:thinkpad_helix_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_helix:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l560_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_l560:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l570_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_l570:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:lenovo:thinkpad_p50s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_p50s:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:lenovo:thinkpad_p51s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_p51s:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:lenovo:thinkpad_p52s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_p52s:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:lenovo:thinkpad_s540_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_s540:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t550:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t560_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t560:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t570_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t570:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t580_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t580:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_tablet_gen_1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_tablet_gen_1:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_tablet_gen_2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_tablet_gen_2:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:lenovo:thinkpad_w540_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_w540:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:lenovo:thinkpad_w541_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_w541:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:lenovo:thinkpad_w550s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_w550s:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_3rd_gen_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_carbon_3rd_gen:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_4th_gen_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_carbon_4th_gen:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_5th_gen_kabylake_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_carbon_5th_gen_kabylake:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_5th_gen_skylake_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_carbon_5th_gen_skylake:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_yoga_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_yoga:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_yoga_gen_2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_yoga_gen_2:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_yoga_gen_3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_yoga_gen_3:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x250:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x280_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x280:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x390_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x390:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:lenovo:thinkpad_11e_yoga_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_11e_yoga:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:lenovo:thinkpad_yoga_15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_yoga_15:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:lenovo:thinkpad_yoga_260_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_yoga_260:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Lenovo Subscribe	Thinkpad 11e Subscribe Thinkpad 11e Firmware Subscribe Thinkpad 11e Yoga Subscribe Thinkpad 11e Yoga Firmware Subscribe Thinkpad Helix Subscribe Thinkpad Helix Firmware Subscribe Thinkpad L560 Subscribe Thinkpad L560 Firmware Subscribe Thinkpad L570 Subscribe Thinkpad L570 Firmware Subscribe Thinkpad P50s Subscribe Thinkpad P50s Firmware Subscribe Thinkpad P51s Subscribe Thinkpad P51s Firmware Subscribe Thinkpad P52s Subscribe Thinkpad P52s Firmware Subscribe Thinkpad S540 Subscribe Thinkpad S540 Firmware Subscribe Thinkpad T550 Subscribe Thinkpad T550 Firmware Subscribe Thinkpad T560 Subscribe Thinkpad T560 Firmware Subscribe Thinkpad T570 Subscribe Thinkpad T570 Firmware Subscribe Thinkpad T580 Subscribe Thinkpad T580 Firmware Subscribe Thinkpad W540 Subscribe Thinkpad W540 Firmware Subscribe Thinkpad W541 Subscribe Thinkpad W541 Firmware Subscribe Thinkpad W550s Subscribe Thinkpad W550s Firmware Subscribe Thinkpad X1 Carbon 3rd Gen Subscribe Thinkpad X1 Carbon 3rd Gen Firmware Subscribe Thinkpad X1 Carbon 4th Gen Subscribe Thinkpad X1 Carbon 4th Gen Firmware Subscribe Thinkpad X1 Carbon 5th Gen Kabylake Subscribe Thinkpad X1 Carbon 5th Gen Kabylake Firmware Subscribe Thinkpad X1 Carbon 5th Gen Skylake Subscribe Thinkpad X1 Carbon 5th Gen Skylake Firmware Subscribe Thinkpad X1 Tablet Gen 1 Subscribe Thinkpad X1 Tablet Gen 1 Firmware Subscribe Thinkpad X1 Tablet Gen 2 Subscribe Thinkpad X1 Tablet Gen 2 Firmware Subscribe Thinkpad X1 Yoga Subscribe Thinkpad X1 Yoga Firmware Subscribe Thinkpad X1 Yoga Gen 2 Subscribe Thinkpad X1 Yoga Gen 2 Firmware Subscribe Thinkpad X1 Yoga Gen 3 Subscribe Thinkpad X1 Yoga Gen 3 Firmware Subscribe Thinkpad X250 Subscribe Thinkpad X250 Firmware Subscribe Thinkpad X280 Subscribe Thinkpad X280 Firmware Subscribe Thinkpad X390 Subscribe Thinkpad X390 Firmware Subscribe Thinkpad Yoga 15 Subscribe Thinkpad Yoga 15 Firmware Subscribe Thinkpad Yoga 260 Subscribe Thinkpad Yoga 260 Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2022-24450	During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

Fixes

Solution

Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-84943.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.lenovo.com/us/en/product_security/LEN-84943

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2022-04-22T20:30:50

Updated: 2024-08-02T23:55:24.201Z

Reserved: 2022-03-27T00:00:00

Link: CVE-2022-1107

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-04-22T21:15:10.300

Modified: 2024-11-21T06:40:03.013

Link: CVE-2022-1107

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object