A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
Advisories
Source ID Title
EUVD EUVD EUVD-2022-42807 A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
Fixes

Solution

Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952


Workaround

No workaround given by the vendor.

History

Thu, 19 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Lenovo notebook
CPEs cpe:2.3:h:lenovo:notebook:-:*:*:*:*:*:*:*
Vendors & Products Lenovo notebook
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2024-09-19T14:36:08.273Z

Reserved: 2022-10-07T19:59:25.920Z

Link: CVE-2022-3431

cve-icon Vulnrichment

Updated: 2024-08-03T01:07:06.619Z

cve-icon NVD

Status : Modified

Published: 2023-10-09T19:15:09.987

Modified: 2024-11-21T07:19:30.057

Link: CVE-2022-3431

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.