CVE-2022-1107
moderate-risk
Published 2022-04-22
During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.
Do I need to act?
-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.7/10
Medium
LOCAL
/ LOW complexity
Affected Products (20)
Thinkpad 11E Firmware
Thinkpad Helix Firmware
Thinkpad L560 Firmware
Thinkpad L570 Firmware
Thinkpad P50S Firmware
Thinkpad P51S Firmware
Thinkpad P52S Firmware
Thinkpad S540 Firmware
Thinkpad T550 Firmware
Thinkpad T560 Firmware
Thinkpad T570 Firmware
Thinkpad T580 Firmware
Thinkpad X1 Tablet Gen 1 Firmware
Thinkpad X1 Tablet Gen 2 Firmware
Thinkpad W540 Firmware
Thinkpad W541 Firmware
Thinkpad W550S Firmware
Thinkpad X1 Carbon 3Rd Gen Firmware
Thinkpad X1 Carbon 4Th Gen Firmware
Thinkpad X1 Carbon 5Th Gen Kabylake Firmware
Affected Vendors
References (2)
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-84943
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-84943
43
/ 100
moderate-risk
Severity
21/34 · High
Exploitability
0/34 · Minimal
Exposure
22/34 · High