An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Lenovo | ThinkPad BIOS | unaffected |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
Configuration 3 [-]
| AND |
|
Configuration 4 [-]
| AND |
|
Configuration 5 [-]
| AND |
|
Configuration 6 [-]
| AND |
|
Configuration 7 [-]
| AND |
|
Configuration 8 [-]
| AND |
|
Configuration 9 [-]
| AND |
|
Configuration 10 [-]
| AND |
|
Configuration 11 [-]
| AND |
|
Configuration 12 [-]
| AND |
|
Configuration 13 [-]
| AND |
|
Configuration 14 [-]
| AND |
|
Configuration 15 [-]
| AND |
|
Configuration 16 [-]
| AND |
|
Configuration 17 [-]
| AND |
|
Configuration 18 [-]
| AND |
|
Configuration 19 [-]
| AND |
|
Configuration 20 [-]
| AND |
|
Configuration 21 [-]
| AND |
|
Configuration 22 [-]
| AND |
|
Configuration 23 [-]
| AND |
|
Configuration 24 [-]
| AND |
|
Configuration 25 [-]
| AND |
|
Configuration 26 [-]
| AND |
|
Configuration 27 [-]
| AND |
|
Configuration 28 [-]
| AND |
|
Configuration 29 [-]
| AND |
|
Configuration 30 [-]
| AND |
|
Configuration 31 [-]
| AND |
|
Configuration 32 [-]
| AND |
|
Configuration 33 [-]
| AND |
|
Configuration 34 [-]
| AND |
|
Configuration 35 [-]
| AND |
|
Configuration 36 [-]
| AND |
|
Configuration 37 [-]
| AND |
|
Configuration 38 [-]
| AND |
|
Configuration 39 [-]
| AND |
|
Configuration 40 [-]
| AND |
|
Configuration 41 [-]
| AND |
|
Configuration 42 [-]
| AND |
|
Configuration 43 [-]
| AND |
|
Configuration 44 [-]
| AND |
|
Configuration 45 [-]
| AND |
|
Configuration 46 [-]
| AND |
|
Configuration 47 [-]
| AND |
|
Configuration 48 [-]
| AND |
|
Configuration 49 [-]
| AND |
|
Configuration 50 [-]
| AND |
|
Configuration 51 [-]
| AND |
|
Configuration 52 [-]
| AND |
|
Configuration 53 [-]
| AND |
|
Configuration 54 [-]
| AND |
|
No data.
No data.
Project Subscriptions
| Vendors | Products |
|---|---|
|
Lenovo
Subscribe
|
Thinkpad L14
Subscribe
Thinkpad L14 Firmware
Subscribe
Thinkpad L14 Gen 2
Subscribe
Thinkpad L14 Gen 2 Firmware
Subscribe
Thinkpad L15
Subscribe
Thinkpad L15 Firmware
Subscribe
Thinkpad L15 Gen 2
Subscribe
Thinkpad L15 Gen 2 Firmware
Subscribe
Thinkpad P14s Gen 1
Subscribe
Thinkpad P14s Gen 1 Firmware
Subscribe
Thinkpad P14s Gen 2
Subscribe
Thinkpad P14s Gen 2 Firmware
Subscribe
Thinkpad P14s Gen 3
Subscribe
Thinkpad P14s Gen 3 Firmware
Subscribe
Thinkpad P15 Gen 1
Subscribe
Thinkpad P15 Gen 1 Firmware
Subscribe
Thinkpad P15 Gen 2
Subscribe
Thinkpad P15 Gen 2 Firmware
Subscribe
Thinkpad P15s Gen 1
Subscribe
Thinkpad P15s Gen 1 Firmware
Subscribe
Thinkpad P15s Gen 2
Subscribe
Thinkpad P15s Gen 2 Firmware
Subscribe
Thinkpad P15v Gen 1
Subscribe
Thinkpad P15v Gen 1 Firmware
Subscribe
Thinkpad P15v Gen 2
Subscribe
Thinkpad P15v Gen 2 Firmware
Subscribe
Thinkpad P15v Gen 3
Subscribe
Thinkpad P15v Gen 3 Firmware
Subscribe
Thinkpad P16 Gen 1
Subscribe
Thinkpad P16 Gen 1 Firmware
Subscribe
Thinkpad P16s Gen 1
Subscribe
Thinkpad P16s Gen 1 Firmware
Subscribe
Thinkpad P17 Gen 1
Subscribe
Thinkpad P17 Gen 1 Firmware
Subscribe
Thinkpad P17 Gen 2
Subscribe
Thinkpad P17 Gen 2 Firmware
Subscribe
Thinkpad P1 Gen 3
Subscribe
Thinkpad P1 Gen 3 Firmware
Subscribe
Thinkpad P1 Gen 4
Subscribe
Thinkpad P1 Gen 4 Firmware
Subscribe
Thinkpad P1 Gen 5
Subscribe
Thinkpad P1 Gen 5 Firmware
Subscribe
Thinkpad T14 Gen 1
Subscribe
Thinkpad T14 Gen 1 Firmware
Subscribe
Thinkpad T14 Gen 2
Subscribe
Thinkpad T14 Gen 2 Firmware
Subscribe
Thinkpad T14 Gen 3
Subscribe
Thinkpad T14 Gen 3 Firmware
Subscribe
Thinkpad T14s
Subscribe
Thinkpad T14s Firmware
Subscribe
Thinkpad T14s Gen 2
Subscribe
Thinkpad T14s Gen 2 Firmware
Subscribe
Thinkpad T14s Gen 3
Subscribe
Thinkpad T14s Gen 3 Firmware
Subscribe
Thinkpad T15 Gen 2
Subscribe
Thinkpad T15 Gen 2 Firmware
Subscribe
Thinkpad T15g Gen 1
Subscribe
Thinkpad T15g Gen 1 Firmware
Subscribe
Thinkpad T15g Gen 2
Subscribe
Thinkpad T15g Gen 2 Firmware
Subscribe
Thinkpad T15p Gen 1
Subscribe
Thinkpad T15p Gen 1 Firmware
Subscribe
Thinkpad T15p Gen 2
Subscribe
Thinkpad T15p Gen 2 Firmware
Subscribe
Thinkpad T15p Gen 3
Subscribe
Thinkpad T15p Gen 3 Firmware
Subscribe
Thinkpad T16 Gen 1
Subscribe
Thinkpad T16 Gen 1 Firmware
Subscribe
Thinkpad X13
Subscribe
Thinkpad X13 Firmware
Subscribe
Thinkpad X13 Gen 2
Subscribe
Thinkpad X13 Gen 2 Firmware
Subscribe
Thinkpad X13 Gen 3
Subscribe
Thinkpad X13 Gen 3 Firmware
Subscribe
Thinkpad X13 Yoga Gen 1
Subscribe
Thinkpad X13 Yoga Gen 1 Firmware
Subscribe
Thinkpad X13 Yoga Gen 2
Subscribe
Thinkpad X13 Yoga Gen 2 Firmware
Subscribe
Thinkpad X1 Carbon 10th Gen
Subscribe
Thinkpad X1 Carbon 10th Gen Firmware
Subscribe
Thinkpad X1 Carbon 7th Gen
Subscribe
Thinkpad X1 Carbon 7th Gen Firmware
Subscribe
Thinkpad X1 Carbon 8th Gen
Subscribe
Thinkpad X1 Carbon 8th Gen Firmware
Subscribe
Thinkpad X1 Carbon 9th Gen
Subscribe
Thinkpad X1 Carbon 9th Gen Firmware
Subscribe
Thinkpad X1 Extreme 3rd Gen
Subscribe
Thinkpad X1 Extreme 3rd Gen Firmware
Subscribe
Thinkpad X1 Extreme 4th Gen
Subscribe
Thinkpad X1 Extreme 4th Gen Firmware
Subscribe
Thinkpad X1 Extreme Gen 5
Subscribe
Thinkpad X1 Extreme Gen 5 Firmware
Subscribe
Thinkpad X1 Fold Gen 1
Subscribe
Thinkpad X1 Fold Gen 1 Firmware
Subscribe
Thinkpad X1 Nano Gen 1
Subscribe
Thinkpad X1 Nano Gen 1 Firmware
Subscribe
Thinkpad X1 Nano Gen 2
Subscribe
Thinkpad X1 Nano Gen 2 Firmware
Subscribe
Thinkpad X1 Titanium
Subscribe
Thinkpad X1 Titanium Firmware
Subscribe
Thinkpad X1 Yoga 4th Gen
Subscribe
Thinkpad X1 Yoga 4th Gen Firmware
Subscribe
Thinkpad X1 Yoga 5th Gen
Subscribe
Thinkpad X1 Yoga 5th Gen Firmware
Subscribe
Thinkpad X1 Yoga 6th Gen
Subscribe
Thinkpad X1 Yoga 6th Gen Firmware
Subscribe
Thinkpad X1 Yoga 7th Gen
Subscribe
Thinkpad X1 Yoga 7th Gen Firmware
Subscribe
|
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-51907 | An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. |
Fixes
Solution
Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-106014.
Workaround
No workaround given by the vendor.
References
| Link | Providers |
|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-106014 |
|
History
No history.
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: lenovo
Published:
Updated: 2024-09-09T16:51:57.365Z
Reserved: 2022-12-16T21:19:30.420Z
Link: CVE-2022-4574
Vulnrichment
Updated: 2024-08-03T01:41:45.781Z
NVD
Status : Modified
Published: 2023-10-30T15:15:40.080
Modified: 2024-11-21T07:35:31.330
Link: CVE-2022-4574
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses