CVE-2022-4575 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2022-4575

A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.

Published: Oct 30, 2023
Updated: Nov 10, 2023
CVE: CVE-2022-4575
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-276

Affected Software
References

Software	From	Fixed in
lenovo / thinkpad_25_firmware	-	1.73
lenovo / thinkpad_l560_firmware	-	1.62
lenovo / thinkpad_p50_firmware	-	1.71
lenovo / thinkpad_p50s_firmware	-	1.45
lenovo / thinkpad_p70_firmware	-	2.45
lenovo / thinkpad_t470_firmware	-	1.73
lenovo / thinkpad_t470s_firmware	-	1.49
lenovo / thinkpad_t560_firmware	-	1.45
lenovo / thinkpad_x1_carbon_4th_gen_firmware	-	1.56
lenovo / thinkpad_x1_yoga_1st_gen_firmware	-	1.56
lenovo / thinkpad_x260_firmware	-	1.50
lenovo / thinkpad_x270_firmware	-	1.47
lenovo / thinkpad_yoga_260_firmware	-	1.88

https://support.lenovo.com/us/en/product_security/LEN-106014