CVE-2022-1107

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

Published: Apr 22, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-1107
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

Affected Software
References

Software	From	Fixed in
lenovo / thinkpad_11e_firmware	-	n15et78w
lenovo / thinkpad_helix_firmware	-	n17eta8w
lenovo / thinkpad_l560_firmware	-	n1het85w
lenovo / thinkpad_l570_firmware	-	n1xet65w
lenovo / thinkpad_p50s_firmware	-	n1ket46w
lenovo / thinkpad_p51s_firmware	-	n1vet50w
lenovo / thinkpad_p52s_firmware	-	n27et36w
lenovo / thinkpad_s540_firmware	-	gpet80ww
lenovo / thinkpad_t550_firmware	-	n11et50w
lenovo / thinkpad_t560_firmware	-	n1ket46w
lenovo / thinkpad_t570_firmware	-	n1vet50w
lenovo / thinkpad_t580_firmware	-	n27et36w
lenovo / thinkpad_x1_tablet_gen_1_firmware	-	n1let86w
lenovo / thinkpad_x1_tablet_gen_2_firmware	-	n1oet50w
lenovo / thinkpad_w540_firmware	-	gnet92ww
lenovo / thinkpad_w541_firmware	-	gnet92ww
lenovo / thinkpad_w550s_firmware	-	n11et50w
lenovo / thinkpad_x1_carbon_3rd_gen_firmware	-	n14et52w
lenovo / thinkpad_x1_carbon_4th_gen_firmware	-	n1fet70w
lenovo / thinkpad_x1_carbon_5th_gen_kabylake_firmware	-	n1met55w
lenovo / thinkpad_x1_carbon_5th_gen_skylake_firmware	-	n1met55w
lenovo / thinkpad_x1_yoga_firmware	-	n1fet70w
lenovo / thinkpad_x1_yoga_gen_2_firmware	-	n1net47w
lenovo / thinkpad_x1_yoga_gen_3_firmware	-	n25et50w
lenovo / thinkpad_x250_firmware	-	n10et58w
lenovo / thinkpad_x280_firmware	-	n20et44w
lenovo / thinkpad_x390_firmware	-	n2let60w
lenovo / thinkpad_11e_yoga_firmware	-	n15et78w
lenovo / thinkpad_yoga_15_firmware	-	n19et61w
lenovo / thinkpad_yoga_260_firmware	-	n1get98w

https://support.lenovo.com/us/en/product_security/LEN-84943

Vulnerability Database

289,697

CVE-2022-1107