A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
Advisories
Source ID Title
EUVD EUVD EUVD-2022-42808 A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
Fixes

Solution

Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952


Workaround

No workaround given by the vendor.

History

Tue, 01 Apr 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2025-04-01T19:50:37.421Z

Reserved: 2022-10-07T19:59:51.458Z

Link: CVE-2022-3432

cve-icon Vulnrichment

Updated: 2024-08-03T01:07:06.699Z

cve-icon NVD

Status : Modified

Published: 2023-01-26T21:15:51.060

Modified: 2024-11-21T07:19:30.240

Link: CVE-2022-3432

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.