CVE-2022-40137

high-risk

Published 2023-01-30

A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Ideacentre C5-14Imb05 Firmware

Ideacentre E96Z Firmware

Ideacentre 3 07Iab7 Firmware

Ideacentre 3-07Imb05 Firmware

Ideacentre 5 14Iab7 Firmware

Ideacentre 5-14Acn6 Firmware

Ideacentre 5-14Imb05 Firmware

Ideacentre 5-14Iob6 Firmware

Ideacentre Aio 3-22Ada6 Firmware

Ideacentre Aio 3-22Iil5 Firmware

Ideacentre Aio 3-22Itl6 Firmware

Ideacentre Aio 3-24Ada6 Firmware

Ideacentre Aio 3-24Alc6 Firmware

Ideacentre Aio 3-24Iil5 Firmware

Ideacentre Aio 3-24Itl6 Firmware

Ideacentre Aio 3-27Alc6 Firmware

Ideacentre Aio 3-27Itl6 Firmware

Ideacentre G5-14Imb05 Firmware

Ideacentre Gaming 5 17Acn7 Firmware

Ideacentre Gaming 5 17Iab7 Firmware

Affected Vendors

Lenovo

References (2)

Vendor Advisory https://support.lenovo.com/us/en/product_security/LEN-94953

/ 100

high-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 33/34 · Critical