Multiple vulnerabilities in Lenovo Notebook LCFC BIOS



Published: 2022-11-01
Risk: Low
Patch available: YES
Number of vulnerabilities: 5
CVE-ID: CVE-2022-3742, CVE-2022-3743, CVE-2022-3744, CVE-2022-3745, CVE-2022-3746
CWE-ID: CWE-119, CWE-200, CWE-798, CWE-264, CWE-284
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
IdeaPad 1 14IAU7
Hardware solutions / Firmware

IdeaPad 1 14IGL7
Hardware solutions / Firmware

IdeaPad 1 15IAU7
Hardware solutions / Firmware

IdeaPad 1 15IGL7
Hardware solutions / Firmware

IdeaPad 1-14IJL7
Hardware solutions / Firmware

IdeaPad 1-15IJL7
Hardware solutions / Firmware

IdeaPad 3 14IAU7
Hardware solutions / Firmware

IdeaPad 3 15IAU7
Hardware solutions / Firmware

IdeaPad 3 17IAU7
Hardware solutions / Firmware

IdeaPad 3-15IGL05
Hardware solutions / Firmware

IdeaPad 3-17IIL05
Hardware solutions / Firmware

IdeaPad 3-17ITL6
Hardware solutions / Firmware

IdeaPad 5 15IAL7
Hardware solutions / Firmware

ideapad L3-15IML05
Hardware solutions / Firmware

ideapad L3-15ITL6
Hardware solutions / Firmware

Lenovo Legion 5 15IAH7
Hardware solutions / Firmware

Lenovo Legion 5 15IAH7H
Hardware solutions / Firmware

Lenovo Legion 5 Pro 16IAH7
Hardware solutions / Firmware

Lenovo Legion 5 Pro 16IAH7H
Hardware solutions / Firmware

Lenovo Legion 5 Pro-16ITH6
Hardware solutions / Firmware

Lenovo Legion 5 Pro-16ITH6H
Hardware solutions / Firmware

Lenovo Legion 5-15IMH05
Hardware solutions / Firmware

Lenovo Legion 5-15IMH05H
Hardware solutions / Firmware

Lenovo Legion 5-15IMH6
Hardware solutions / Firmware

Lenovo Legion 5-15ITH6
Hardware solutions / Firmware

Lenovo Legion 5-15ITH6H
Hardware solutions / Firmware

Lenovo Legion 5-17IMH05
Hardware solutions / Firmware

Lenovo Legion 5-17IMH05H
Hardware solutions / Firmware

Lenovo Legion 5-17ITH6
Hardware solutions / Firmware

Lenovo Legion 5-17ITH6H
Hardware solutions / Firmware

Lenovo Legion 5P-15IMH05
Hardware solutions / Firmware

Lenovo Legion 5P-15IMH05H
Hardware solutions / Firmware

Lenovo Legion 7-16ITHg6
Hardware solutions / Firmware

Lenovo S14 G2 ITL
Hardware solutions / Firmware

Lenovo S14 G3 IAP
Hardware solutions / Firmware

Lenovo Slim 7 14IAP7
Hardware solutions / Firmware

Lenovo Slim 7 Carbon 13IAP7
Hardware solutions / Firmware

Lenovo ThinkBook 15p IMH
Hardware solutions / Firmware

Lenovo V14 G2 IJL
Hardware solutions / Firmware

Lenovo V14 G3 IAP
Hardware solutions / Firmware

Lenovo V15 G2 IJL
Hardware solutions / Firmware

Lenovo V15 G3 IAP
Hardware solutions / Firmware

Lenovo V17 G3 IAP
Hardware solutions / Firmware

ideapad S540-13ITL
Hardware solutions / Firmware

ThinkBook 15P G2 ITH
Hardware solutions / Firmware

Lenovo V14 G1-IML
Hardware solutions / Firmware

Lenovo V14 G2-ITL
Hardware solutions / Firmware

Lenovo V14-IGL
Hardware solutions / Firmware

Lenovo V15 G1-IML
Hardware solutions / Firmware

Lenovo V15 G2-ITL
Hardware solutions / Firmware

Lenovo V15-IGL
Hardware solutions / Firmware

Lenovo V17 G2-ITL
Hardware solutions / Firmware

Lenovo V17-IIL
Hardware solutions / Firmware

Yoga 7 14IAL7
Hardware solutions / Firmware

Yoga 7 16IAH7
Hardware solutions / Firmware

IdeaPad Yoga 7 16IAP7
Hardware solutions / Firmware

ideapad Yoga 7-14ITL5
Hardware solutions / Firmware

ideapad Yoga 7-15ITL5
Hardware solutions / Firmware

Yoga Slim 7 Carbon 13IAP7
Hardware solutions / Firmware

Yoga Slim 7 Pro 14IAH7
Hardware solutions / Firmware

IdeaPad Yoga Slim 7 Pro 14IAP7
Hardware solutions / Firmware

ideapad 3-14IGL05
Hardware solutions / Firmware

ideapad 3-14IIL05
Hardware solutions / Firmware

ideapad 3-14IML05
Hardware solutions / Firmware

ideapad 3-14ITL05
Hardware solutions / Firmware

ideapad 3-14ITL6
Hardware solutions / Firmware

ideapad 3-15IIL05
Hardware solutions / Firmware

ideapad 3-15IML05
Hardware solutions / Firmware

ideapad 3-15ITL05
Hardware solutions / Firmware

ideapad 3-15ITL6
Hardware solutions / Firmware

ideapad 3-17IML05
Hardware solutions / Firmware

ideapad 5-15IIL05
Hardware solutions / Firmware

ideapad Creator 5-15IMH05
Hardware solutions / Firmware

ideapad Gaming 3-15IMH05
Hardware solutions / Firmware

IdeaPad Yoga 9 14IAP7
Hardware solutions / Firmware

Vendor Lenovo

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU68890

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3742

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in LCFC BIOS. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

IdeaPad 1 14IAU7: All versions

IdeaPad 1 14IGL7: All versions

IdeaPad 1 15IAU7: All versions

IdeaPad 1 15IGL7: All versions

IdeaPad 1-14IJL7: All versions

IdeaPad 1-15IJL7: All versions

IdeaPad 3 14IAU7: All versions

IdeaPad 3 15IAU7: All versions

IdeaPad 3 17IAU7: All versions

IdeaPad 3-15IGL05: All versions

IdeaPad 3-17IIL05: All versions

IdeaPad 3-17ITL6: All versions

IdeaPad 5 15IAL7: All versions

ideapad L3-15IML05: All versions

ideapad L3-15ITL6: All versions

Lenovo Legion 5 15IAH7: All versions

Lenovo Legion 5 15IAH7H: All versions

Lenovo Legion 5 Pro 16IAH7: All versions

Lenovo Legion 5 Pro 16IAH7H: All versions

Lenovo Legion 5 Pro-16ITH6: All versions

Lenovo Legion 5 Pro-16ITH6H: All versions

Lenovo Legion 5-15IMH05: All versions

Lenovo Legion 5-15IMH05H: All versions

Lenovo Legion 5-15IMH6: All versions

Lenovo Legion 5-15ITH6: All versions

Lenovo Legion 5-15ITH6H: All versions

Lenovo Legion 5-17IMH05: All versions

Lenovo Legion 5-17IMH05H: All versions

Lenovo Legion 5-17ITH6: All versions

Lenovo Legion 5-17ITH6H: All versions

Lenovo Legion 5P-15IMH05: All versions

Lenovo Legion 5P-15IMH05H: All versions

Lenovo Legion 7-16ITHg6: All versions

Lenovo S14 G2 ITL: All versions

Lenovo S14 G3 IAP: All versions

Lenovo Slim 7 14IAP7: All versions

Lenovo Slim 7 Carbon 13IAP7: All versions

Lenovo ThinkBook 15p IMH: All versions

Lenovo V14 G2 IJL: All versions

Lenovo V14 G3 IAP: All versions

Lenovo V15 G2 IJL: All versions

Lenovo V15 G3 IAP: All versions

Lenovo V17 G3 IAP: All versions

ideapad S540-13ITL: All versions

ThinkBook 15P G2 ITH: All versions

Lenovo V14 G1-IML: All versions

Lenovo V14 G2-ITL: All versions

Lenovo V14-IGL: All versions

Lenovo V15 G1-IML: All versions

Lenovo V15 G2-ITL: All versions

Lenovo V15-IGL: All versions

Lenovo V17 G2-ITL: All versions

Lenovo V17-IIL: All versions

Yoga 7 14IAL7: All versions

Yoga 7 16IAH7: All versions

IdeaPad Yoga 7 16IAP7: All versions

ideapad Yoga 7-14ITL5: All versions

ideapad Yoga 7-15ITL5: All versions

Yoga Slim 7 Carbon 13IAP7: All versions

Yoga Slim 7 Pro 14IAH7: All versions

IdeaPad Yoga Slim 7 Pro 14IAP7: All versions

ideapad 3-14IGL05: All versions

ideapad 3-14IIL05: All versions

ideapad 3-14IML05: All versions

ideapad 3-14ITL05: All versions

ideapad 3-14ITL6: All versions

ideapad 3-15IIL05: All versions

ideapad 3-15IML05: All versions

ideapad 3-15ITL05: All versions

ideapad 3-15ITL6: All versions

ideapad 3-17IML05: All versions

ideapad 5-15IIL05: All versions

ideapad Creator 5-15IMH05: All versions

ideapad Gaming 3-15IMH05: All versions

IdeaPad Yoga 9 14IAP7: before HNCN42WW

External links

http://support.lenovo.com/us/en/product_security/LEN-103710


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU68891

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3743

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an error within the LCFC BIOS implementation. A local user can enumerate Embedded Controller (EC) commands and use them to escalate privileges on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

IdeaPad 1 14IAU7: All versions

IdeaPad 1 14IGL7: All versions

IdeaPad 1 15IAU7: All versions

IdeaPad 1 15IGL7: All versions

IdeaPad 1-14IJL7: All versions

IdeaPad 1-15IJL7: All versions

IdeaPad 3 14IAU7: All versions

IdeaPad 3 15IAU7: All versions

IdeaPad 3 17IAU7: All versions

IdeaPad 3-15IGL05: All versions

IdeaPad 3-17IIL05: All versions

IdeaPad 3-17ITL6: All versions

IdeaPad 5 15IAL7: All versions

ideapad L3-15IML05: All versions

ideapad L3-15ITL6: All versions

Lenovo Legion 5 15IAH7: All versions

Lenovo Legion 5 15IAH7H: All versions

Lenovo Legion 5 Pro 16IAH7: All versions

Lenovo Legion 5 Pro 16IAH7H: All versions

Lenovo Legion 5 Pro-16ITH6: All versions

Lenovo Legion 5 Pro-16ITH6H: All versions

Lenovo Legion 5-15IMH05: All versions

Lenovo Legion 5-15IMH05H: All versions

Lenovo Legion 5-15IMH6: All versions

Lenovo Legion 5-15ITH6: All versions

Lenovo Legion 5-15ITH6H: All versions

Lenovo Legion 5-17IMH05: All versions

Lenovo Legion 5-17IMH05H: All versions

Lenovo Legion 5-17ITH6: All versions

Lenovo Legion 5-17ITH6H: All versions

Lenovo Legion 5P-15IMH05: All versions

Lenovo Legion 5P-15IMH05H: All versions

Lenovo Legion 7-16ITHg6: All versions

Lenovo S14 G2 ITL: All versions

Lenovo S14 G3 IAP: All versions

Lenovo Slim 7 14IAP7: All versions

Lenovo Slim 7 Carbon 13IAP7: All versions

Lenovo ThinkBook 15p IMH: All versions

Lenovo V14 G2 IJL: All versions

Lenovo V14 G3 IAP: All versions

Lenovo V15 G2 IJL: All versions

Lenovo V15 G3 IAP: All versions

Lenovo V17 G3 IAP: All versions

ideapad S540-13ITL: All versions

ThinkBook 15P G2 ITH: All versions

Lenovo V14 G1-IML: All versions

Lenovo V14 G2-ITL: All versions

Lenovo V14-IGL: All versions

Lenovo V15 G1-IML: All versions

Lenovo V15 G2-ITL: All versions

Lenovo V15-IGL: All versions

Lenovo V17 G2-ITL: All versions

Lenovo V17-IIL: All versions

Yoga 7 14IAL7: All versions

Yoga 7 16IAH7: All versions

IdeaPad Yoga 7 16IAP7: All versions

ideapad Yoga 7-14ITL5: All versions

ideapad Yoga 7-15ITL5: All versions

Yoga Slim 7 Carbon 13IAP7: All versions

Yoga Slim 7 Pro 14IAH7: All versions

IdeaPad Yoga Slim 7 Pro 14IAP7: All versions

ideapad 3-14IGL05: All versions

ideapad 3-14IIL05: All versions

ideapad 3-14IML05: All versions

ideapad 3-14ITL05: All versions

ideapad 3-14ITL6: All versions

ideapad 3-15IIL05: All versions

ideapad 3-15IML05: All versions

ideapad 3-15ITL05: All versions

ideapad 3-15ITL6: All versions

ideapad 3-17IML05: All versions

ideapad 5-15IIL05: All versions

ideapad Creator 5-15IMH05: All versions

ideapad Gaming 3-15IMH05: All versions

IdeaPad Yoga 9 14IAP7: before HNCN42WW

External links

http://support.lenovo.com/us/en/product_security/LEN-103710


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of hard-coded credentials

EUVDB-ID: #VU68892

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3744

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to the use of hard-coded SMI handler credentials in LCFC BIOS. An attacker with physical access to the device can unlock UEFI variables and compromise the affected system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

IdeaPad 1 14IAU7: All versions

IdeaPad 1 14IGL7: All versions

IdeaPad 1 15IAU7: All versions

IdeaPad 1 15IGL7: All versions

IdeaPad 1-14IJL7: All versions

IdeaPad 1-15IJL7: All versions

IdeaPad 3 14IAU7: All versions

IdeaPad 3 15IAU7: All versions

IdeaPad 3 17IAU7: All versions

IdeaPad 3-15IGL05: All versions

IdeaPad 3-17IIL05: All versions

IdeaPad 3-17ITL6: All versions

IdeaPad 5 15IAL7: All versions

ideapad L3-15IML05: All versions

ideapad L3-15ITL6: All versions

Lenovo Legion 5 15IAH7: All versions

Lenovo Legion 5 15IAH7H: All versions

Lenovo Legion 5 Pro 16IAH7: All versions

Lenovo Legion 5 Pro 16IAH7H: All versions

Lenovo Legion 5 Pro-16ITH6: All versions

Lenovo Legion 5 Pro-16ITH6H: All versions

Lenovo Legion 5-15IMH05: All versions

Lenovo Legion 5-15IMH05H: All versions

Lenovo Legion 5-15IMH6: All versions

Lenovo Legion 5-15ITH6: All versions

Lenovo Legion 5-15ITH6H: All versions

Lenovo Legion 5-17IMH05: All versions

Lenovo Legion 5-17IMH05H: All versions

Lenovo Legion 5-17ITH6: All versions

Lenovo Legion 5-17ITH6H: All versions

Lenovo Legion 5P-15IMH05: All versions

Lenovo Legion 5P-15IMH05H: All versions

Lenovo Legion 7-16ITHg6: All versions

Lenovo S14 G2 ITL: All versions

Lenovo S14 G3 IAP: All versions

Lenovo Slim 7 14IAP7: All versions

Lenovo Slim 7 Carbon 13IAP7: All versions

Lenovo ThinkBook 15p IMH: All versions

Lenovo V14 G2 IJL: All versions

Lenovo V14 G3 IAP: All versions

Lenovo V15 G2 IJL: All versions

Lenovo V15 G3 IAP: All versions

Lenovo V17 G3 IAP: All versions

ideapad S540-13ITL: All versions

ThinkBook 15P G2 ITH: All versions

Lenovo V14 G1-IML: All versions

Lenovo V14 G2-ITL: All versions

Lenovo V14-IGL: All versions

Lenovo V15 G1-IML: All versions

Lenovo V15 G2-ITL: All versions

Lenovo V15-IGL: All versions

Lenovo V17 G2-ITL: All versions

Lenovo V17-IIL: All versions

Yoga 7 14IAL7: All versions

Yoga 7 16IAH7: All versions

IdeaPad Yoga 7 16IAP7: All versions

ideapad Yoga 7-14ITL5: All versions

ideapad Yoga 7-15ITL5: All versions

Yoga Slim 7 Carbon 13IAP7: All versions

Yoga Slim 7 Pro 14IAH7: All versions

IdeaPad Yoga Slim 7 Pro 14IAP7: All versions

ideapad 3-14IGL05: All versions

ideapad 3-14IIL05: All versions

ideapad 3-14IML05: All versions

ideapad 3-14ITL05: All versions

ideapad 3-14ITL6: All versions

ideapad 3-15IIL05: All versions

ideapad 3-15IML05: All versions

ideapad 3-15ITL05: All versions

ideapad 3-15ITL6: All versions

ideapad 3-17IML05: All versions

ideapad 5-15IIL05: All versions

ideapad Creator 5-15IMH05: All versions

ideapad Gaming 3-15IMH05: All versions

IdeaPad Yoga 9 14IAP7: before HNCN42WW

External links

http://support.lenovo.com/us/en/product_security/LEN-103710


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU68893

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3745

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists in LCFC BIOS due to improperly imposed security restrictions. A local user can view incoming and returned data from SMI.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

IdeaPad 1 14IAU7: All versions

IdeaPad 1 14IGL7: All versions

IdeaPad 1 15IAU7: All versions

IdeaPad 1 15IGL7: All versions

IdeaPad 1-14IJL7: All versions

IdeaPad 1-15IJL7: All versions

IdeaPad 3 14IAU7: All versions

IdeaPad 3 15IAU7: All versions

IdeaPad 3 17IAU7: All versions

IdeaPad 3-15IGL05: All versions

IdeaPad 3-17IIL05: All versions

IdeaPad 3-17ITL6: All versions

IdeaPad 5 15IAL7: All versions

ideapad L3-15IML05: All versions

ideapad L3-15ITL6: All versions

Lenovo Legion 5 15IAH7: All versions

Lenovo Legion 5 15IAH7H: All versions

Lenovo Legion 5 Pro 16IAH7: All versions

Lenovo Legion 5 Pro 16IAH7H: All versions

Lenovo Legion 5 Pro-16ITH6: All versions

Lenovo Legion 5 Pro-16ITH6H: All versions

Lenovo Legion 5-15IMH05: All versions

Lenovo Legion 5-15IMH05H: All versions

Lenovo Legion 5-15IMH6: All versions

Lenovo Legion 5-15ITH6: All versions

Lenovo Legion 5-15ITH6H: All versions

Lenovo Legion 5-17IMH05: All versions

Lenovo Legion 5-17IMH05H: All versions

Lenovo Legion 5-17ITH6: All versions

Lenovo Legion 5-17ITH6H: All versions

Lenovo Legion 5P-15IMH05: All versions

Lenovo Legion 5P-15IMH05H: All versions

Lenovo Legion 7-16ITHg6: All versions

Lenovo S14 G2 ITL: All versions

Lenovo S14 G3 IAP: All versions

Lenovo Slim 7 14IAP7: All versions

Lenovo Slim 7 Carbon 13IAP7: All versions

Lenovo ThinkBook 15p IMH: All versions

Lenovo V14 G2 IJL: All versions

Lenovo V14 G3 IAP: All versions

Lenovo V15 G2 IJL: All versions

Lenovo V15 G3 IAP: All versions

Lenovo V17 G3 IAP: All versions

ideapad S540-13ITL: All versions

ThinkBook 15P G2 ITH: All versions

Lenovo V14 G1-IML: All versions

Lenovo V14 G2-ITL: All versions

Lenovo V14-IGL: All versions

Lenovo V15 G1-IML: All versions

Lenovo V15 G2-ITL: All versions

Lenovo V15-IGL: All versions

Lenovo V17 G2-ITL: All versions

Lenovo V17-IIL: All versions

Yoga 7 14IAL7: All versions

Yoga 7 16IAH7: All versions

IdeaPad Yoga 7 16IAP7: All versions

ideapad Yoga 7-14ITL5: All versions

ideapad Yoga 7-15ITL5: All versions

Yoga Slim 7 Carbon 13IAP7: All versions

Yoga Slim 7 Pro 14IAH7: All versions

IdeaPad Yoga Slim 7 Pro 14IAP7: All versions

ideapad 3-14IGL05: All versions

ideapad 3-14IIL05: All versions

ideapad 3-14IML05: All versions

ideapad 3-14ITL05: All versions

ideapad 3-14ITL6: All versions

ideapad 3-15IIL05: All versions

ideapad 3-15IML05: All versions

ideapad 3-15ITL05: All versions

ideapad 3-15ITL6: All versions

ideapad 3-17IML05: All versions

ideapad 5-15IIL05: All versions

ideapad Creator 5-15IMH05: All versions

ideapad Gaming 3-15IMH05: All versions

IdeaPad Yoga 9 14IAP7: before HNCN42WW

External links

http://support.lenovo.com/us/en/product_security/LEN-103710


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper access control

EUVDB-ID: #VU68894

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3746

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an exposed Embedded Controller (EC) interface in LCFC BIOS. A local user can access the exposed controller interface and cause some peripherals to work abnormally.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

IdeaPad 1 14IAU7: All versions

IdeaPad 1 14IGL7: All versions

IdeaPad 1 15IAU7: All versions

IdeaPad 1 15IGL7: All versions

IdeaPad 1-14IJL7: All versions

IdeaPad 1-15IJL7: All versions

IdeaPad 3 14IAU7: All versions

IdeaPad 3 15IAU7: All versions

IdeaPad 3 17IAU7: All versions

IdeaPad 3-15IGL05: All versions

IdeaPad 3-17IIL05: All versions

IdeaPad 3-17ITL6: All versions

IdeaPad 5 15IAL7: All versions

ideapad L3-15IML05: All versions

ideapad L3-15ITL6: All versions

Lenovo Legion 5 15IAH7: All versions

Lenovo Legion 5 15IAH7H: All versions

Lenovo Legion 5 Pro 16IAH7: All versions

Lenovo Legion 5 Pro 16IAH7H: All versions

Lenovo Legion 5 Pro-16ITH6: All versions

Lenovo Legion 5 Pro-16ITH6H: All versions

Lenovo Legion 5-15IMH05: All versions

Lenovo Legion 5-15IMH05H: All versions

Lenovo Legion 5-15IMH6: All versions

Lenovo Legion 5-15ITH6: All versions

Lenovo Legion 5-15ITH6H: All versions

Lenovo Legion 5-17IMH05: All versions

Lenovo Legion 5-17IMH05H: All versions

Lenovo Legion 5-17ITH6: All versions

Lenovo Legion 5-17ITH6H: All versions

Lenovo Legion 5P-15IMH05: All versions

Lenovo Legion 5P-15IMH05H: All versions

Lenovo Legion 7-16ITHg6: All versions

Lenovo S14 G2 ITL: All versions

Lenovo S14 G3 IAP: All versions

Lenovo Slim 7 14IAP7: All versions

Lenovo Slim 7 Carbon 13IAP7: All versions

Lenovo ThinkBook 15p IMH: All versions

Lenovo V14 G2 IJL: All versions

Lenovo V14 G3 IAP: All versions

Lenovo V15 G2 IJL: All versions

Lenovo V15 G3 IAP: All versions

Lenovo V17 G3 IAP: All versions

ideapad S540-13ITL: All versions

ThinkBook 15P G2 ITH: All versions

Lenovo V14 G1-IML: All versions

Lenovo V14 G2-ITL: All versions

Lenovo V14-IGL: All versions

Lenovo V15 G1-IML: All versions

Lenovo V15 G2-ITL: All versions

Lenovo V15-IGL: All versions

Lenovo V17 G2-ITL: All versions

Lenovo V17-IIL: All versions

Yoga 7 14IAL7: All versions

Yoga 7 16IAH7: All versions

IdeaPad Yoga 7 16IAP7: All versions

ideapad Yoga 7-14ITL5: All versions

ideapad Yoga 7-15ITL5: All versions

Yoga Slim 7 Carbon 13IAP7: All versions

Yoga Slim 7 Pro 14IAH7: All versions

IdeaPad Yoga Slim 7 Pro 14IAP7: All versions

ideapad 3-14IGL05: All versions

ideapad 3-14IIL05: All versions

ideapad 3-14IML05: All versions

ideapad 3-14ITL05: All versions

ideapad 3-14ITL6: All versions

ideapad 3-15IIL05: All versions

ideapad 3-15IML05: All versions

ideapad 3-15ITL05: All versions

ideapad 3-15ITL6: All versions

ideapad 3-17IML05: All versions

ideapad 5-15IIL05: All versions

ideapad Creator 5-15IMH05: All versions

ideapad Gaming 3-15IMH05: All versions

IdeaPad Yoga 9 14IAP7: before HNCN42WW

External links

http://support.lenovo.com/us/en/product_security/LEN-103710


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


