CVE-2022-1107

Name: CVE-2022-1107
Creator: NVD / NIST
Published: 2022-04-22T21:15:10.3+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.7/10EPSS 0.25%

Last modified Jun 17, 2026

CVE-2022-1107 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.. EPSS estimates a 0.25% chance of exploitation in the next 30 days.

Description

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

Metrics

CVSS 3.1

6.7/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.25%

16.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Lenovo	Thinkpad 11e Firmware	< n15et78w
Lenovo	Thinkpad Helix Firmware	< n17eta8w
Lenovo	Thinkpad L560 Firmware	< n1het85w
Lenovo	Thinkpad L570 Firmware	< n1xet65w
Lenovo	Thinkpad P50s Firmware	< n1ket46w
Lenovo	Thinkpad P51s Firmware	< n1vet50w
Lenovo	Thinkpad P52s Firmware	< n27et36w
Lenovo	Thinkpad S540 Firmware	< gpet80ww
Lenovo	Thinkpad T550 Firmware	< n11et50w
Lenovo	Thinkpad T560 Firmware	< n1ket46w
Lenovo	Thinkpad T570 Firmware	< n1vet50w
Lenovo	Thinkpad T580 Firmware	< n27et36w
Lenovo	Thinkpad X1 Tablet Gen 1 Firmware	< n1let86w
Lenovo	Thinkpad X1 Tablet Gen 2 Firmware	< n1oet50w
Lenovo	Thinkpad W540 Firmware	< gnet92ww
Lenovo	Thinkpad W541 Firmware	< gnet92ww
Lenovo	Thinkpad W550s Firmware	< n11et50w
Lenovo	Thinkpad X1 Carbon 3rd Gen Firmware	< n14et52w
Lenovo	Thinkpad X1 Carbon 4th Gen Firmware	< n1fet70w
Lenovo	Thinkpad X1 Carbon 5th Gen Kabylake Firmware	< n1met55w
Lenovo	Thinkpad X1 Carbon 5th Gen Skylake Firmware	< n1met55w
Lenovo	Thinkpad X1 Yoga Firmware	< n1fet70w
Lenovo	Thinkpad X1 Yoga Gen 2 Firmware	< n1net47w
Lenovo	Thinkpad X1 Yoga Gen 3 Firmware	< n25et50w
Lenovo	Thinkpad X250 Firmware	< n10et58w
Lenovo	Thinkpad X280 Firmware	< n20et44w
Lenovo	Thinkpad X390 Firmware	< n2let60w
Lenovo	Thinkpad 11e Yoga Firmware	< n15et78w
Lenovo	Thinkpad Yoga 15 Firmware	< n19et61w
Lenovo	Thinkpad Yoga 260 Firmware	< n1get98w

References

https://support.lenovo.com/us/en/product_security/LEN-84943Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-84943Vendor Advisory

Timeline

Published: Apr 22, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-1107?

How severe is CVE-2022-1107?

CVE-2022-1107 has a CVSS score of 6.7/10 (MEDIUM severity). The EPSS model estimates a 0.25% probability of exploitation in the next 30 days.

How do I fix CVE-2022-1107?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-1107?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST