CVE-2022-48188
Severity: HIGH (CVSS 7.8/10), EPSS 0.19%
CVE-2022-48188 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A buffer overflow in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges and execute arbitrary code. The CVSS vector (AV:L/PR:L/UI:N) means the attacker needs local access with low privileges and no user interaction. Because the flaw is in a UEFI DXE driver, it lives in the system firmware itself and is fixed by a BIOS update rather than an operating-system patch. EPSS estimates a 0.19% chance of exploitation in the next 30 days.
Description
A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Ideacentre Aio 3 21itl7 Firmware | < o5akt33 |
| Lenovo | Ideacentre Aio 3-22itl6 Firmware | < o5akt33 |
| Lenovo | Ideacentre Aio 3-24itl6 Firmware | < o5akt33 |
| Lenovo | Ideacentre Aio 3-27itl6 Firmware | < o5akt33 |
| Lenovo | Thinkcentre M720e Firmware | < m1zkt40a |
| Lenovo | Thinkcentre M720q Firmware | < m1ukt70a |
| Lenovo | Thinkcentre M720s Firmware | < m1ukt70a |
| Lenovo | Thinkcentre M720t Firmware | < m1ukt70a |
| Lenovo | Thinkcentre M725s Firmware | < m25kt63a |
| Lenovo | Thinkcentre M75s Gen 2 Firmware | < m46kt30a |
| Lenovo | Thinkcentre M75s Gen 2 Firmware | < m3bkt30a |
| Lenovo | Thinkcentre M75t Gen 2 Firmware | < m46kt30a |
| Lenovo | Thinkcentre M75t Gen 2 Firmware | < m3akt4ca |
| Lenovo | Thinkcentre M920q Firmware | < m1ukt70a |
| Lenovo | Thinkcentre M920s Firmware | < m1ukt70a |
| Lenovo | Thinkcentre M920t Firmware | < m1ukt70a |
| Lenovo | Thinkcentre M920x Firmware | < m1ukt70a |
| Lenovo | Thinkcentre M920z Firmware | < m1mkt55a |
| Lenovo | Ideacentre 510s-07icb Firmware | < m22kt48a |
| Lenovo | Ideacentre 510s-07icb Firmware | < m22kt49a |
| Lenovo | Ideacentre 510s-07ick Firmware | < m30kt28a |
| Lenovo | Ideacentre 510s-07ick Firmware | < m1zkt40a |
| Lenovo | Ideacentre 720-18apr Firmware | < m25kt63a |
| Lenovo | V30a-22itl Firmware | < o5akt33 |
| Lenovo | V30a-24itl Firmware | < o5akt33 |
| Lenovo | V530s-07icb Firmware | < m22kt49a |
| Lenovo | V530s-07icr Firmware | < m1zkt40a |
| Lenovo | Thinkstation P330 Tiny Firmware | < m1ukt70a |
| Lenovo | Thinkstation P360 Ultra Firmware | < s0fkt27a |
| Lenovo | Thinkstation P520 Firmware | < s03kt58a |
| Lenovo | Thinkstation P520c Firmware | < s03kt58a |
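The table above gives the first fixed BIOS build per model, so the practical question is whether a given machine's BIOS ID is older than the fixed build for its platform family. The following is an added example, not code from Lenovo, NVD or this site, and it rests on two labelled assumptions: that a Lenovo desktop BIOS ID such as M1UKT70A is read as a five-character platform family ("M1UKT") followed by a revision ("70A"), with newer releases within one family carrying a higher numeric revision; and that where the table lists two fixed builds for the same family (the 510s-07icb rows), the higher one is used, which errs on the side of flagging a system.

```python
"""Check a Lenovo desktop BIOS version string against the fixed builds
listed for CVE-2022-48188.

Added example, not Lenovo's or NVD's code.  Assumptions (see lead-in):
  * BIOS ID = 5-char platform family + revision, e.g. "M1UKT" + "70A";
    higher revision number = newer build within one family.
  * If one family has two fixed builds in the table, the higher one is
    used (conservative: may flag a SKU whose own fix level is lower).
"""
import re
from typing import List, Optional, Tuple

# Fixed ("first good") BIOS builds, copied from the Affected Software table.
FIXED_VERSIONS: List[Tuple[str, str]] = [
    ("Ideacentre Aio 3 21itl7", "o5akt33"),
    ("Ideacentre Aio 3-22itl6", "o5akt33"),
    ("Ideacentre Aio 3-24itl6", "o5akt33"),
    ("Ideacentre Aio 3-27itl6", "o5akt33"),
    ("Thinkcentre M720e", "m1zkt40a"),
    ("Thinkcentre M720q", "m1ukt70a"),
    ("Thinkcentre M720s", "m1ukt70a"),
    ("Thinkcentre M720t", "m1ukt70a"),
    ("Thinkcentre M725s", "m25kt63a"),
    ("Thinkcentre M75s Gen 2", "m46kt30a"),
    ("Thinkcentre M75s Gen 2", "m3bkt30a"),
    ("Thinkcentre M75t Gen 2", "m46kt30a"),
    ("Thinkcentre M75t Gen 2", "m3akt4ca"),
    ("Thinkcentre M920q", "m1ukt70a"),
    ("Thinkcentre M920s", "m1ukt70a"),
    ("Thinkcentre M920t", "m1ukt70a"),
    ("Thinkcentre M920x", "m1ukt70a"),
    ("Thinkcentre M920z", "m1mkt55a"),
    ("Ideacentre 510s-07icb", "m22kt48a"),
    ("Ideacentre 510s-07icb", "m22kt49a"),
    ("Ideacentre 510s-07ick", "m30kt28a"),
    ("Ideacentre 510s-07ick", "m1zkt40a"),
    ("Ideacentre 720-18apr", "m25kt63a"),
    ("V30a-22itl", "o5akt33"),
    ("V30a-24itl", "o5akt33"),
    ("V530s-07icb", "m22kt49a"),
    ("V530s-07icr", "m1zkt40a"),
    ("Thinkstation P330 Tiny", "m1ukt70a"),
    ("Thinkstation P360 Ultra", "s0fkt27a"),
    ("Thinkstation P520", "s03kt58a"),
    ("Thinkstation P520c", "s03kt58a"),
]

# Revision part: digits, optionally followed by a letter suffix ("70a", "33", "4ca").
_REV_RE = re.compile(r"^(\d+)([a-z]*)$")

Revision = Tuple[int, str]


def split_version(version: str) -> Tuple[str, Revision]:
    """Split a BIOS ID into (family, (number, suffix)); case-insensitive."""
    v = version.strip().lower()
    if len(v) < 6:
        raise ValueError(f"unrecognised Lenovo BIOS version: {version!r}")
    family, rev = v[:5], v[5:]
    m = _REV_RE.match(rev)
    if not m:
        raise ValueError(f"unrecognised Lenovo BIOS version: {version!r}")
    return family, (int(m.group(1)), m.group(2))


def fixed_revision_for(family: str) -> Optional[Revision]:
    """Highest fixed revision the table lists for this platform family, if any."""
    revs = [split_version(fv)[1] for _, fv in FIXED_VERSIONS
            if split_version(fv)[0] == family]
    return max(revs) if revs else None


def check_bios(version: str) -> Optional[bool]:
    """True  = BIOS predates the fixed build (affected),
       False = at or after the fixed build,
       None  = family not in the advisory table (cannot decide from the ID alone)."""
    family, rev = split_version(version)
    fixed = fixed_revision_for(family)
    if fixed is None:
        return None
    return rev < fixed


def read_local_bios_version() -> Optional[str]:
    """Linux only: the SMBIOS BIOS version string exposed through sysfs."""
    try:
        with open("/sys/class/dmi/id/bios_version") as f:
            return f.read().strip()
    except OSError:
        return None


if __name__ == "__main__":
    local = read_local_bios_version()
    if local is None:
        print("could not read BIOS version from sysfs; pass the ID to check_bios()")
    else:
        verdict = {True: "AFFECTED", False: "fixed", None: "not a listed family"}
        print(f"{local}: {verdict[check_bios(local)]}")
```

On Linux the ID comes from `cat /sys/class/dmi/id/bios_version` or `sudo dmidecode -s bios-version`; on Windows, `(Get-CimInstance Win32_BIOS).SMBIOSBIOSVersion`. The ID alone does not identify the model (M720q and M920q share the m1ukt family), so a `True` result should be confirmed against the model and fix level in LEN-124495 before the machine is counted as affected, and a `None` result means only that the family is not in this table, not that the machine is safe.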
References
- Vendor Advisory: https://support.lenovo.com/us/en/product_security/LEN-124495
Frequently Asked Questions
What is CVE-2022-48188?
A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.
How severe is CVE-2022-48188?
CVE-2022-48188 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.19% probability of exploitation in the next 30 days.
How do I fix CVE-2022-48188?
Update the system BIOS to the fixed build for your model: the versions in the Affected Software table are the first fixed builds, and Lenovo's advisory LEN-124495 (linked above) lists the downloads. Because the flaw is in the SecureBootDXE firmware driver, an operating-system patch does not address it; after flashing, confirm that the reported BIOS version is at or above the fixed build for that model.
Source: NVD / NIST
