CVE-2022-1892 - Vulnerability Details

A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00037.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Lenovo	100e 2nd Gen 100e 2nd Gen Firmware 100w Gen 3 100w Gen 3 Firmware 13w Yoga 13w Yoga Firmware 14w Gen 2 14w Gen 2 Firmware 300e 2nd Gen 300e 2nd Gen Firmware 300w Gen 3 300w Gen 3 Firmware 500w Gen 3 500w Gen 3 Firmware 730s-13iml 730s-13iml Firmware Flex 3-11ada05 Flex 3-11ada05 Firmware Flex 5-14alc05 Flex 5-14alc05 Firmware Flex 5-14are05 Flex 5-14are05 Firmware Flex 5-14iil05 Flex 5-14iil05 Firmware Flex 5-14itl05 Flex 5-14itl05 Firmware Flex 5-15alc05 Flex 5-15alc05 Firmware Flex 5-15iil05 Flex 5-15iil05 Firmware Flex 5-15itl05 Flex 5-15itl05 Firmware Ideapad 1-11ada05 Ideapad 1-11ada05 Firmware Ideapad 1-11igl05 Ideapad 1-11igl05 Firmware Ideapad 1-14ada05 Ideapad 1-14ada05 Firmware Ideapad 1-14igl05 Ideapad 1-14igl05 Firmware Ideapad 3-14ada05 Ideapad 3-14ada05 Firmware Ideapad 3-14ada6 Ideapad 3-14ada6 Firmware Ideapad 3-14alc6 Ideapad 3-14alc6 Firmware Ideapad 3-15ada05 Ideapad 3-15ada05 Firmware Ideapad 3-15ada6 Ideapad 3-15ada6 Firmware Ideapad 3-15alc6 Ideapad 3-15alc6 Firmware Ideapad 3-17ada05 Ideapad 3-17ada05 Firmware Ideapad 3-17ada6 Ideapad 3-17ada6 Firmware Ideapad 3-17alc6 Ideapad 3-17alc6 Firmware Ideapad 5-15alc05 Ideapad 5-15alc05 Firmware Ideapad 5 15aba7 Ideapad 5 15aba7 Firmware Ideapad Flex 5 14alc7 Ideapad Flex 5 14alc7 Firmware Ideapad Flex 5 16alc7 Ideapad Flex 5 16alc7 Firmware Ideapad S940-14iil Ideapad S940-14iil Firmware Ideapad Slim 1-11ast-05 Ideapad Slim 1-11ast-05 Firmware Ideapad Slim 1-14ast-05 Ideapad Slim 1-14ast-05 Firmware Legion S7-15ach6 Legion S7-15ach6 Firmware Legion S7-15arh5 Legion S7-15arh5 Firmware Legion S7-15imh5 Legion S7-15imh5 Firmware S145-14api S145-14api Firmware S145-14ast S145-14ast Firmware S145-15api S145-15api Firmware S145-15ast S145-15ast Firmware S540-13api S540-13api Firmware Thinkbook 13s-iml Thinkbook 13s-iml Firmware Thinkbook 13s G2 Are Thinkbook 13s G2 Are Firmware Thinkbook 13s G2 Itl Thinkbook 13s G2 Itl Firmware Thinkbook 13s G3 Acn Thinkbook 13s G3 Acn Firmware Thinkbook 14-iil Thinkbook 14-iil Firmware Thinkbook 14-iml Thinkbook 14-iml Firmware Thinkbook 14p G2 Ach Thinkbook 14p G2 Ach Firmware Thinkbook 14s-iml Thinkbook 14s-iml Firmware Thinkbook 14s G2 Itl Thinkbook 14s G2 Itl Firmware Thinkbook 15-iil Thinkbook 15-iil Firmware Thinkbook 15-iml Thinkbook 15-iml Firmware Thinkbook 16p G2 Ach Thinkbook 16p G2 Ach Firmware V130-15ikb V130-15ikb Firmware V14-ada V14-ada Firmware V14 G2-alc V14 G2-alc Firmware V15-ada V15-ada Firmware V15 G2-alc V15 G2-alc Firmware Yoga 9-15imh5 Yoga 9-15imh5 Firmware Yoga C640-13iml Yoga C640-13iml Firmware Yoga C640-13iml Lte Yoga C640-13iml Lte Firmware Yoga C940-15irh Yoga C940-15irh Firmware Yoga S730-13iml Yoga S730-13iml Firmware Yoga S940-14iil Yoga S940-14iil Firmware Yoga Slim 7 Pro-14ach5 Yoga Slim 7 Pro-14ach5 Firmware Yoga Slim 7 Pro-14ach5 O Yoga Slim 7 Pro-14ach5 O Firmware Yoga Slim 7 Pro-14arh5 Yoga Slim 7 Pro-14arh5 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:100e_2nd_gen_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:100e_2nd_gen:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:100w_gen_3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:100w_gen_3:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:13w_yoga_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:13w_yoga:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:14w_gen_2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:14w_gen_2:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:lenovo:300e_2nd_gen_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:300e_2nd_gen:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:lenovo:300w_gen_3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:300w_gen_3:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:lenovo:500w_gen_3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:500w_gen_3:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:lenovo:730s-13iml_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:730s-13iml:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:lenovo:flex_3-11ada05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_3-11ada05:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:lenovo:flex_5-14alc05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_5-14alc05:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:lenovo:flex_5-14are05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_5-14are05:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:lenovo:flex_5-14iil05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_5-14iil05:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:lenovo:flex_5-14itl05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_5-14itl05:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:lenovo:flex_5-15alc05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_5-15alc05:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:lenovo:flex_5-15iil05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_5-15iil05:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:lenovo:flex_5-15itl05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_5-15itl05:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:lenovo:ideapad_1-11ada05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_1-11ada05:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:lenovo:ideapad_1-11igl05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_1-11igl05:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lenovo:ideapad_1-14ada05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_1-14ada05:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:lenovo:ideapad_1-14igl05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_1-14igl05:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:lenovo:ideapad_3-15ada05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_3-15ada05:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:lenovo:ideapad_3-14ada05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_3-14ada05:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:lenovo:ideapad_3-14ada6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_3-14ada6:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:lenovo:ideapad_3-14alc6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_3-14alc6:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:lenovo:ideapad_3-15ada6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_3-15ada6:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:lenovo:ideapad_3-15alc6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_3-15alc6:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:lenovo:ideapad_3-17alc6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_3-17alc6:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:lenovo:ideapad_3-17ada05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_3-17ada05:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:lenovo:ideapad_3-17ada6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_3-17ada6:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:lenovo:ideapad_5_15aba7_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_5_15aba7:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:lenovo:ideapad_flex_5_14alc7_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_flex_5_14alc7:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:lenovo:ideapad_flex_5_16alc7_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_flex_5_16alc7:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:lenovo:legion_s7-15imh5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_s7-15imh5:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:lenovo:legion_s7-15ach6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_s7-15ach6:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:lenovo:legion_s7-15arh5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:legion_s7-15arh5:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:lenovo:s145-14api_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:s145-14api:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:lenovo:s145-14ast_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:s145-14ast:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:lenovo:s145-15api_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:s145-15api:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:lenovo:s145-15ast_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:s145-15ast:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:lenovo:s540-13api_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:s540-13api:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:lenovo:ideapad_s940-14iil_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_s940-14iil:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:lenovo:yoga_s940-14iil_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_s940-14iil:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:lenovo:ideapad_slim_1-14ast-05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_slim_1-14ast-05:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:lenovo:ideapad_slim_1-11ast-05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_slim_1-11ast-05:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:lenovo:thinkbook_13s_g3_acn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkbook_13s_g3_acn:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

cpe:2.3:o:lenovo:thinkbook_13s_g2_are_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkbook_13s_g2_are:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:o:lenovo:thinkbook_13s_g2_itl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkbook_13s_g2_itl:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND

cpe:2.3:o:lenovo:thinkbook_13s-iml_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkbook_13s-iml:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND

cpe:2.3:o:lenovo:thinkbook_14-iil_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkbook_14-iil:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND

cpe:2.3:o:lenovo:thinkbook_14-iml_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkbook_14-iml:-:*:*:*:*:*:*:*

Configuration 51 [-]

AND

cpe:2.3:o:lenovo:thinkbook_14p_g2_ach_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkbook_14p_g2_ach:-:*:*:*:*:*:*:*

Configuration 52 [-]

AND

cpe:2.3:o:lenovo:thinkbook_14s_g2_itl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkbook_14s_g2_itl:-:*:*:*:*:*:*:*

Configuration 53 [-]

AND

cpe:2.3:o:lenovo:thinkbook_14s-iml_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkbook_14s-iml:-:*:*:*:*:*:*:*

Configuration 54 [-]

AND

cpe:2.3:o:lenovo:thinkbook_15-iil_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkbook_15-iil:-:*:*:*:*:*:*:*

Configuration 55 [-]

AND

cpe:2.3:o:lenovo:thinkbook_15-iml_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkbook_15-iml:-:*:*:*:*:*:*:*

Configuration 56 [-]

AND

cpe:2.3:o:lenovo:thinkbook_16p_g2_ach_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkbook_16p_g2_ach:-:*:*:*:*:*:*:*

Configuration 57 [-]

AND

cpe:2.3:o:lenovo:v130-15ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v130-15ikb:-:*:*:*:*:*:*:*

Configuration 58 [-]

AND

cpe:2.3:o:lenovo:v14_g2-alc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v14_g2-alc:-:*:*:*:*:*:*:*

Configuration 59 [-]

AND

cpe:2.3:o:lenovo:v14-ada_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v14-ada:-:*:*:*:*:*:*:*

Configuration 60 [-]

AND

cpe:2.3:o:lenovo:v15_g2-alc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v15_g2-alc:-:*:*:*:*:*:*:*

Configuration 61 [-]

AND

cpe:2.3:o:lenovo:v15-ada_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v15-ada:-:*:*:*:*:*:*:*

Configuration 62 [-]

AND

cpe:2.3:o:lenovo:yoga_9-15imh5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_9-15imh5:-:*:*:*:*:*:*:*

Configuration 63 [-]

AND

cpe:2.3:o:lenovo:yoga_c640-13iml_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_c640-13iml:-:*:*:*:*:*:*:*

Configuration 64 [-]

AND

cpe:2.3:o:lenovo:yoga_c640-13iml_lte_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_c640-13iml_lte:-:*:*:*:*:*:*:*

Configuration 65 [-]

AND

cpe:2.3:o:lenovo:yoga_c940-15irh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_c940-15irh:-:*:*:*:*:*:*:*

Configuration 66 [-]

AND

cpe:2.3:o:lenovo:yoga_s730-13iml_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_s730-13iml:-:*:*:*:*:*:*:*

Configuration 67 [-]

AND

cpe:2.3:o:lenovo:yoga_s940-14iil_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_s940-14iil:-:*:*:*:*:*:*:*

Configuration 68 [-]

AND

cpe:2.3:o:lenovo:yoga_slim_7_pro-14ach5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_slim_7_pro-14ach5:-:*:*:*:*:*:*:*

Configuration 69 [-]

AND

cpe:2.3:o:lenovo:yoga_slim_7_pro-14ach5_o_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_slim_7_pro-14ach5_o:-:*:*:*:*:*:*:*

Configuration 70 [-]

AND

cpe:2.3:o:lenovo:yoga_slim_7_pro-14arh5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_slim_7_pro-14arh5:-:*:*:*:*:*:*:*

Configuration 71 [-]

AND

cpe:2.3:o:lenovo:ideapad_5-15alc05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_5-15alc05:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-25164	A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Fixes

Solution

Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-91369

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.lenovo.com/us/en/product_security/LEN-91369

History

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00046}`	epss `{'score': 0.00037}`

Wed, 02 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2023-01-23T15:31:19.243Z

Updated: 2025-04-02T14:37:24.386Z

Reserved: 2022-05-25T20:29:39.456Z

Link: CVE-2022-1892

Vulnrichment

Updated: 2024-08-03T00:17:00.914Z

NVD

Status : Modified

Published: 2023-01-26T21:15:25.467

Modified: 2024-11-21T06:41:41.637

Link: CVE-2022-1892

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object