PT-2022-2248 · Lenovo · Thinkpad X1 Fold Gen 1

Published

2022-04-12

Updated

2022-05-12

CVE-2022-1108

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Thinkpad X1 Fold Gen 1 (affected versions not specified)

Description A potential issue due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface could be exploited by an attacker with local access and elevated privileges to execute arbitrary code. The issue is related to a buffer overflow in the BIOS firmware of ThinkPad laptops, which may allow an attacker to run a specially crafted program and execute arbitrary code with elevated privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269CWE-20CWE-119

Related Identifiers

BDU:2022-02346

CVE-2022-1108

Affected Products

Thinkpad X1 Fold Gen 1

PT-2022-2248 · Lenovo · Thinkpad X1 Fold Gen 1

CVE-2022-1108

Weakness Enumeration

Related Identifiers

Affected Products

References · 7