CVE-2022-4574

moderate-risk
Published 2023-10-30

An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.  

Do I need to act?

0.02% chance of exploitation
EPSS score — low exploit probability

Not on CISA KEV list
No confirmed active exploitation reported to CISA

Patch status unknown
Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium
LOCAL / LOW complexity

Affected Products (20)

ThinkPad X13 Yoga Gen 2 Firmware
ThinkPad X13 Yoga Gen 1 Firmware
ThinkPad X13 Gen 3 Firmware
ThinkPad X13 Gen 2 Firmware
ThinkPad X13 Firmware
ThinkPad X1 Yoga 7th Gen Firmware
ThinkPad X1 Yoga 6th Gen Firmware
ThinkPad X1 Yoga 5th Gen Firmware
ThinkPad X1 Yoga 4th Gen Firmware
ThinkPad X1 Titanium Firmware
ThinkPad X1 Nano Gen 2 Firmware
ThinkPad X1 Nano Gen 1 Firmware
ThinkPad X1 Fold Gen 1 Firmware
ThinkPad X1 Extreme Gen 5 Firmware
ThinkPad X1 Extreme 4th Gen Firmware
ThinkPad X1 Extreme 3rd Gen Firmware
ThinkPad X1 Carbon 9th Gen Firmware
ThinkPad X1 Carbon 8th Gen Firmware
ThinkPad X1 Carbon 7th Gen Firmware
ThinkPad X1 Carbon 10th Gen Firmware

Affected Vendors

47 / 100
moderate-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 26/34 · High