CVE-2022-1892

HIGH | CVSS 7.8/10 | EPSS 0.34%

Last modified

CVE-2022-1892 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. EPSS estimates a 0.34% chance of exploitation in the next 30 days.

Description

A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.34%

26.0th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
|---|---|---|
| Lenovo | 100e 2nd Gen Firmware | < frcn23ww |
| Lenovo | 100w Gen 3 Firmware | < gacn38ww |
| Lenovo | 13w Yoga Firmware | < jacn31ww |
| Lenovo | 14w Gen 2 Firmware | < h0cn21ww |
| Lenovo | 300e 2nd Gen Firmware | < frcn23ww |
| Lenovo | 300w Gen 3 Firmware | < gacn38ww |
| Lenovo | 500w Gen 3 Firmware | < g6cn40ww |
| Lenovo | 730s-13iml Firmware | < brcn20ww |
| Lenovo | Flex 3-11ada05 Firmware | < fpcn26ww |
| Lenovo | Flex 5-14alc05 Firmware | < gjcn27ww |
| Lenovo | Flex 5-14are05 Firmware | < eecn39ww |
| Lenovo | Flex 5-14iil05 Firmware | < eecn40ww |
| Lenovo | Flex 5-14itl05 Firmware | < fxcn38ww |
| Lenovo | Flex 5-15alc05 Firmware | < gjcn27ww |
| Lenovo | Flex 5-15iil05 Firmware | < eccn40ww |
| Lenovo | Flex 5-15itl05 Firmware | < fxcn38ww |
| Lenovo | Ideapad 1-11ada05 Firmware | < fqcn26ww |
| Lenovo | Ideapad 1-11igl05 Firmware | < dwcn24ww |
| Lenovo | Ideapad 1-14ada05 Firmware | < fqcn26ww |
| Lenovo | Ideapad 1-14igl05 Firmware | < dwcn24ww |
| Lenovo | Ideapad 3-15ada05 Firmware | < e8cn36ww |
| Lenovo | Ideapad 3-14ada05 Firmware | < e8cn36ww |
| Lenovo | Ideapad 3-14ada6 Firmware | < hbcn24ww |
| Lenovo | Ideapad 3-14alc6 Firmware | < glcn48ww |
| Lenovo | Ideapad 3-15ada6 Firmware | < hbcn24ww |
| Lenovo | Ideapad 3-15alc6 Firmware | < glcn48ww |
| Lenovo | Ideapad 3-17alc6 Firmware | < e8cn36ww |
| Lenovo | Ideapad 3-17ada05 Firmware | < hbcn24ww |
| Lenovo | Ideapad 3-17ada6 Firmware | < glcn48ww |
| Lenovo | Ideapad 5 15aba7 Firmware | < kacn14ww |
| Lenovo | Ideapad Flex 5 14alc7 Firmware | < jccn29ww |
| Lenovo | Ideapad Flex 5 16alc7 Firmware | < jccn29ww |
| Lenovo | Legion S7-15imh5 Firmware | < hacn37ww |
| Lenovo | Legion S7-15ach6 Firmware | < g1cn27ww |
| Lenovo | Legion S7-15arh5 Firmware | < fdcn40ww |
| Lenovo | S145-14api Firmware | < bucn33ww |
| Lenovo | S145-14ast Firmware | < aycn28ww |
| Lenovo | S145-15api Firmware | < bucn33ww |
| Lenovo | S145-15ast Firmware | < aycn28ww |
| Lenovo | S540-13api Firmware | < cxcn36ww |
| Lenovo | Ideapad S940-14iil Firmware | < bqcn34ww |
| Lenovo | Yoga S940-14iil Firmware | < bqcn34ww |
| Lenovo | Ideapad Slim 1-14ast-05 Firmware | < cwcn25ww |
| Lenovo | Ideapad Slim 1-11ast-05 Firmware | < cwcn25ww |
| Lenovo | Thinkbook 13s G3 Acn Firmware | < gmcn29ww |
| Lenovo | Thinkbook 13s G2 Are Firmware | < fvcn24ww |
| Lenovo | Thinkbook 13s G2 Itl Firmware | < f9cn50ww |
| Lenovo | Thinkbook 13s-Iml Firmware | < cqcn37ww |
| Lenovo | Thinkbook 14-Iil Firmware | < djcn28ww |
| Lenovo | Thinkbook 14-Iml Firmware | < cjcn38ww |

Showing 50 of 70 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2022-1892?
A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
How severe is CVE-2022-1892?
CVE-2022-1892 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.34% probability of exploitation in the next 30 days.
How do I fix CVE-2022-1892?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST