CVE-2022-40134

Severity: MEDIUM | CVSS 4.4/10 | EPSS 0.20%

Last modified

CVE-2022-40134 is a medium-severity vulnerability rated 4.4/10 on the CVSS scale. An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. EPSS estimates a 0.20% chance of exploitation in the next 30 days.

Description

An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

Metrics

CVSS 3.1
4.4/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
0.20%

9.5th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Lenovo | Ideacentre C5-14imb05 Firmware | o4hkt38a
Lenovo | Thinkcentre E96z Firmware | m26kt22a
Lenovo | Ideacentre 3 07iab7 Firmware | m49kt1da
Lenovo | Ideacentre 3-07imb05 Firmware | m2vkt1da
Lenovo | Ideacentre 5 14iab7 Firmware | m42kt40a
Lenovo | Ideacentre 5-14acn6 Firmware | o5ekt21a
Lenovo | Ideacentre 5-14imb05 Firmware | o4hkt38a
Lenovo | Ideacentre 5-14iob6 Firmware | m3gkt33a
Lenovo | Ideacentre Creator 5-14iob6 Firmware | m3gkt33a
Lenovo | Ideacentre G5-14imb05 Firmware | o4hkt38a
Lenovo | Ideacentre Gaming 5 17acn7 Firmware | o5ekt21a
Lenovo | Ideacentre Gaming 5 17iab7 Firmware | m42kt40a
Lenovo | Ideacentre Gaming 5-14acn6 Firmware | o5ekt21a
Lenovo | Ideacentre Gaming 5-14iob6 Firmware | m3gkt33a
Lenovo | Legion C530-19icb Firmware | o4bkt20a
Lenovo | Legion T5-26iob6 Firmware | o54kt1da
Lenovo | Legion T5-28icb05 Firmware | o4bkt20a
Lenovo | Legion T530-28apr Firmware | o4gkt16a
Lenovo | Legion T530-28icb Firmware | o4bkt20a
Lenovo | Legion T7-34imz5 Firmware | o4lkt1ea
Lenovo | Thinkcentre M60e Tiny Firmware | o5fkt14a
Lenovo | Thinkcentre M625q Firmware | m3skt21a
Lenovo | Thinkcentre M630e Firmware | m1wkt45a
Lenovo | Thinkcentre M70a Firmware | m28kt37a
Lenovo | Thinkcentre M70a Gen 2 Firmware | m2skt25a
Lenovo | Thinkcentre M70c Firmware | m3nkt20a
Lenovo | Thinkcentre M70q Firmware | m2vkt1da
Lenovo | Thinkcentre M70q Gen 2 Firmware | m2wkt57a
Lenovo | Thinkcentre M70q Gen 3 Firmware | m3jkt34a
Lenovo | Thinkcentre M70s Firmware | m43kt16a
Lenovo | Thinkcentre M70s Gen 3 Firmware | m2tkt50a
Lenovo | Thinkcentre M70t Firmware | m41kt2da
Lenovo | Thinkcentre M70t Gen 3 Firmware | m2tkt50a
Lenovo | Thinkcentre M710e Firmware | m41kt2da
Lenovo | Thinkcentre M710q Firmware | m1zkt38a
Lenovo | Thinkcentre M710s Firmware | m1akt56a
Lenovo | Thinkcentre M710t Firmware | m16kt68a
Lenovo | Thinkcentre M715q Firmware | m16kt68a
Lenovo | Thinkcentre M720e Firmware | m11kt54a
Lenovo | Thinkcentre M75n Firmware | m30kt26a
Lenovo | Thinkcentre M75q Gen 2 Firmware | m33kt25a
Lenovo | Thinkcentre M75t Gen 2 Firmware | m47kt24a
Lenovo | Thinkcentre M80q Firmware | m46kt2da
Lenovo | Thinkcentre M80s Firmware | m2wkt57a
Lenovo | Thinkcentre M80s Firmware | m2tkt50a
Lenovo | Thinkcentre M80t Firmware | m2tkt50a
Lenovo | Thinkcentre M80t Firmware | m1ckt49a
Lenovo | Thinkcentre M810z All-In-One Firmware | m1ekt25a
Lenovo | Thinkcentre M818z Firmware | m1nkt58a
Lenovo | Thinkcentre M820z All-In-One Firmware | m2rkt52a

Showing 50 of 337 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-40134?
An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
How severe is CVE-2022-40134?
CVE-2022-40134 has a CVSS score of 4.4/10 (MEDIUM severity). The EPSS model estimates a 0.20% probability of exploitation in the next 30 days.
How do I fix CVE-2022-40134?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.


Source: NVD / NIST