PT-2022-2247 · Lenovo · Thinkpad

Published

2022-04-12

Updated

2022-05-12

CVE-2022-1107

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ThinkPad models (affected versions not specified)

Description A potential issue was discovered in the SmmOEMInt15 SMI handler due to the use of Boot Services, which could be exploited by an attacker with elevated privileges to execute code. This issue is related to the BIOS firmware of ThinkPad laptops and is associated with bypassing introduced security restrictions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269CWE-264CWE-20

Related Identifiers

BDU:2022-02345

CVE-2022-1107

Affected Products

Thinkpad

PT-2022-2247 · Lenovo · Thinkpad

CVE-2022-1107

Weakness Enumeration

Related Identifiers

Affected Products

References · 8