CVE-2022-48181

Severity: HIGH | CVSS 7.8/10 | EPSS 0.19%

Last modified

CVE-2022-48181 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. An ErrorMessage driver stack-based buffer overflow vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code. EPSS estimates a 0.19% chance of exploitation in the next 30 days.

Description

An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.19%

9.1st percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Lenovo | Ideacentre C5-14imb05 Firmware | < o4hkt3aa
Lenovo | Ideacentre 3 07ach7 Firmware | < m4mkt12a
Lenovo | Ideacentre 3 07iab7 Firmware | < m49kt21a
Lenovo | Ideacentre 3-07ada05 Firmware | < o4fkt35a
Lenovo | Ideacentre 3-07ada05 Firmware | < m4mkt12a
Lenovo | Ideacentre 3-07imb05 Firmware | < m2vkt1ea
Lenovo | Ideacentre 5 14iab7 Firmware | < m42kt42a
Lenovo | Ideacentre 5-14acn6 Firmware | < o5ekt24a
Lenovo | Ideacentre 5-14are05 Firmware | < o4zkt2aa
Lenovo | Ideacentre 5-14imb05 Firmware | < o4hkt3aa
Lenovo | Ideacentre 5-14iob6 Firmware | < m3gkt3aa
Lenovo | Ideacentre Aio 3 21itl7 Firmware | < o5akt33
Lenovo | Ideacentre Aio 3 22iap7 Firmware | < o5nkt32a
Lenovo | Ideacentre Aio 3 24iap7 Firmware | < o5nkt32a
Lenovo | Ideacentre Aio 3 27iap7 Firmware | < o5nkt32a
Lenovo | Ideacentre Aio 3-22imb05 Firmware | < o5nkt32a
Lenovo | Ideacentre Aio 3-22itl6 Firmware | < o5akt33
Lenovo | Ideacentre Aio 3-24alc6 Firmware | < o5bkt25a
Lenovo | Ideacentre Aio 3-24imb05 Firmware | < o5nkt32a
Lenovo | Ideacentre Aio 3-24itl6 Firmware | < o5akt33
Lenovo | Ideacentre Aio 3-27alc6 Firmware | < o5bkt25a
Lenovo | Ideacentre Aio 3-27imb05 Firmware | < o5nkt32a
Lenovo | Ideacentre Aio 3-27itl6 Firmware | < o5akt33
Lenovo | Ideacentre Aio 5 24iah7 Firmware | < o5rkt39a
Lenovo | Ideacentre Aio 5 27iah7 Firmware | < o5rkt39a
Lenovo | Ideacentre Creator 5-14iob6 Firmware | < m3gkt3aa
Lenovo | Ideacentre G5-14amr05 Firmware | < o4zkt2aa
Lenovo | Ideacentre G5-14imb05 Firmware | < o4hkt3aa
Lenovo | Ideacentre Gaming 5 17acn7 Firmware | < o5ekt24a
Lenovo | Ideacentre Gaming 5 17iab7 Firmware | < m42kt42a
Lenovo | Ideacentre Gaming 5-14acn6 Firmware | < o5ekt24a
Lenovo | Ideacentre Gaming 5-14iob6 Firmware | < m3gkt3aa
Lenovo | Ideacentre Mini 5 01iaq7 Firmware | < o53kt0ea
Lenovo | Ideacentre Mini 5-01imh05 Firmware | < o4ekt19a
Lenovo | Legion C530-19icb Firmware | < o4bkt22a
Lenovo | Legion R5-28imb05 Firmware | < o4nkt1da
Lenovo | Legion T5-26amr5 Firmware | < o4mkt2da
Lenovo | Legion T5-26iob6 Firmware | < o54kt22a
Lenovo | Legion T5-28icb05 Firmware | < o4bkt22a
Lenovo | Legion T5-28imb05 Firmware | < o4nkt1da
Lenovo | Legion T530-28icb Firmware | < o4bkt22a
Lenovo | Legion T7-34iaz7 Firmware | < o5hkt2aa
Lenovo | Legion T7-34imz5 Firmware | < o4lkt20a
Lenovo | Legion T7-34imz5 Firmware | < o5fkt15a
Lenovo | Lenovo Legion T5 26iab7 Firmware | < o5lkt29a
Lenovo | Thinkcentre M600 Firmware | < m00kt68a
Lenovo | Thinkcentre M60e Tiny Firmware | < m3skt25a
Lenovo | Thinkcentre M625q Firmware | < m1wkt50a
Lenovo | Thinkcentre M70c Firmware | < m2vkt1ea
Lenovo | Thinkcentre M70q Firmware | < m2wkt59a

Showing 50 of 122 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-48181?
An ErrorMessage driver stack-based buffer overflow vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.
How severe is CVE-2022-48181?
CVE-2022-48181 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.19% probability of exploitation in the next 30 days.
How do I fix CVE-2022-48181?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.


Source: NVD / NIST