A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models that could allow an attacker with physical or local access and elevated privileges to bypass Secure Boot.
References
Link | Resource |
---|---|
https://support.lenovo.com/us/en/product_security/LEN-106014 | Vendor Advisory |
History
08 Nov 2023, 00:24
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://support.lenovo.com/us/en/product_security/LEN-106014 - Vendor Advisory | |
CVSS | v2 : v3 : | v2 : unknown v3 : 6.7 |
CPE | cpe:2.3:o:lenovo:thinkpad_x1_carbon_4th_gen_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_25_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_x270_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t560:-:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_t470_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_x1_yoga_1st_gen_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l560:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_carbon_4th_gen:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_yoga_1st_gen:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p70:-:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_t470s_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_25:-:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_yoga_260_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p50:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t470s:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x260:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t470:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_yoga_260:-:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_l560_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_p50_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_p50s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_p70_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_x260_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p50s:-:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_t560_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x270:-:*:*:*:*:*:*:* |
|
First Time | Lenovo thinkpad 25 Lenovo thinkpad T560 Firmware Lenovo thinkpad X1 Yoga 1st Gen Lenovo thinkpad T470 Lenovo thinkpad P50 Lenovo thinkpad L560 Lenovo thinkpad X260 Firmware Lenovo thinkpad T560 Lenovo thinkpad Yoga 260 Firmware Lenovo thinkpad X1 Yoga 1st Gen Firmware Lenovo thinkpad 25 Firmware Lenovo thinkpad X1 Carbon 4th Gen Firmware Lenovo Lenovo thinkpad P50 Firmware Lenovo thinkpad X260 Lenovo thinkpad T470s Firmware Lenovo thinkpad L560 Firmware Lenovo thinkpad P50s Lenovo thinkpad X1 Carbon 4th Gen Lenovo thinkpad P70 Firmware Lenovo thinkpad T470s Lenovo thinkpad Yoga 260 Lenovo thinkpad X270 Lenovo thinkpad X270 Firmware Lenovo thinkpad T470 Firmware Lenovo thinkpad P50s Firmware Lenovo thinkpad P70 |
30 Oct 2023, 15:28
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-30 15:15
Updated : 2023-12-10 15:14
NVD link : CVE-2022-4575
Mitre link : CVE-2022-4575
CVE.ORG link : CVE-2022-4575
Products Affected
lenovo
- thinkpad_25
- thinkpad_25_firmware
- thinkpad_l560
- thinkpad_p50s
- thinkpad_yoga_260_firmware
- thinkpad_t560
- thinkpad_x1_carbon_4th_gen_firmware
- thinkpad_l560_firmware
- thinkpad_x260_firmware
- thinkpad_x270_firmware
- thinkpad_t470s
- thinkpad_t560_firmware
- thinkpad_x1_carbon_4th_gen
- thinkpad_x270
- thinkpad_t470s_firmware
- thinkpad_p50_firmware
- thinkpad_p50s_firmware
- thinkpad_t470
- thinkpad_p50
- thinkpad_x1_yoga_1st_gen_firmware
- thinkpad_p70
- thinkpad_t470_firmware
- thinkpad_p70_firmware
- thinkpad_x260
- thinkpad_x1_yoga_1st_gen
- thinkpad_yoga_260
CWE
CWE-276
Incorrect Default Permissions