CVE-2022-3744
high-risk
Published 2023-08-23
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential.
Do I need to act?
-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.7/10
Medium
LOCAL
/ LOW complexity
Affected Products (20)
Ideapad 1 14Iau7 Firmware
Ideapad 1 14Igl7 Firmware
Ideapad 1 15Iau7 Firmware
Ideapad 1 15Igl7 Firmware
Ideapad 1-14Ijl7 Firmware
Ideapad 1-15Ijl7 Firmware
Ideapad 3 14Iau7 Firmware
Ideapad 3 15Iau7 Firmware
Ideapad 3 17Iau7 Firmware
Ideapad 3-15Igl05 Firmware
Ideapad 3-17Iil05 Firmware
Ideapad 3-17Itl6 Firmware
Ideapad 5 15Ial7 Firmware
Ideapad 5-15Itl05 Firmware
L3-15Iml05 Firmware
L3-15Itl6 Firmware
Legion 5 15Iah7 Firmware
Legion 5 15Iah7H Firmware
Legion 5 Pro 16Iah7 Firmware
Legion 5 Pro 16Iah7H Firmware
Affected Vendors
References (2)
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-103710
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-103710
50
/ 100
high-risk
Severity
21/34 · High
Exploitability
0/34 · Minimal
Exposure
29/34 · Critical