CVE-2022-4575
Last modified
CVE-2022-4575 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models that could allow an attacker with physical or local access and elevated privileges to bypass Secure Boot. EPSS estimates a 0.18% chance of exploitation in the next 30 days.
Description
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models that could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.
Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Thinkpad 25 Firmware | < 1.73 |
| Lenovo | Thinkpad L560 Firmware | < 1.62 |
| Lenovo | Thinkpad P50 Firmware | < 1.71 |
| Lenovo | Thinkpad P50s Firmware | < 1.45 |
| Lenovo | Thinkpad P70 Firmware | < 2.45 |
| Lenovo | Thinkpad T470 Firmware | < 1.73 |
| Lenovo | Thinkpad T470s Firmware | < 1.49 |
| Lenovo | Thinkpad T560 Firmware | < 1.45 |
| Lenovo | Thinkpad X1 Carbon 4th Gen Firmware | < 1.56 |
| Lenovo | Thinkpad X1 Yoga 1st Gen Firmware | < 1.56 |
| Lenovo | Thinkpad X260 Firmware | < 1.50 |
| Lenovo | Thinkpad X270 Firmware | < 1.47 |
| Lenovo | Thinkpad Yoga 260 Firmware | < 1.88 |
References
- https://support.lenovo.com/us/en/product_security/LEN-106014 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-4575?
How severe is CVE-2022-4575?
How do I fix CVE-2022-4575?
Are you affected by CVE-2022-4575?
Source: NVD / NIST
