CVE-2022-48188

moderate-risk
Published 2023-06-05

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.

Do I need to act?

0.04% chance of exploitation
EPSS score: low exploit probability

Not on CISA KEV list
No confirmed active exploitation reported to CISA

Patch status unknown
Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium
LOCAL / LOW complexity

Affected Products (20)

Ideacentre Aio 3 21Itl7 Firmware
Thinkcentre M720E Firmware
Thinkcentre M720Q Firmware
Thinkcentre M720S Firmware
Thinkcentre M720T Firmware
Thinkcentre M725S Firmware
Thinkcentre M920Q Firmware
Thinkcentre M920S Firmware
Thinkcentre M920T Firmware
Thinkcentre M920X Firmware
Thinkcentre M920Z Firmware
Ideacentre 510S-07Icb Firmware
Ideacentre 510S-07Ick Firmware
Ideacentre 720-18Apr Firmware
V30A-22Itl Firmware

Affected Vendors

43 / 100
moderate-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 22/34 · High