CVE-2022-48181

high-risk

Published 2023-06-05

An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Ideacentre C5-14Imb05 Firmware

Ideacentre 3 07Ach7 Firmware

Ideacentre 3 07Iab7 Firmware

Ideacentre 3-07Ada05 Firmware

Ideacentre 3-07Imb05 Firmware

Ideacentre 5 14Iab7 Firmware

Ideacentre 5-14Acn6 Firmware

Ideacentre 5-14Are05 Firmware

Ideacentre 5-14Imb05 Firmware

Ideacentre 5-14Iob6 Firmware

Ideacentre Aio 3 21Itl7 Firmware

Ideacentre Aio 3 22Iap7 Firmware

Ideacentre Aio 3 24Iap7 Firmware

Ideacentre Aio 3 27Iap7 Firmware

Ideacentre Aio 3-22Imb05 Firmware

Ideacentre Aio 3-22Itl6 Firmware

Ideacentre Aio 3-24Alc6 Firmware

Ideacentre Aio 3-24Imb05 Firmware

Ideacentre Aio 3-24Itl6 Firmware

Ideacentre Aio 3-27Alc6 Firmware

Affected Vendors

Lenovo

References (2)

Vendor Advisory https://support.lenovo.com/us/en/product_security/LEN-124495

/ 100

high-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 31/34 · Critical