#VU62282 Security restrictions bypass in Lenovo products - CVE-2022-1107
Published: April 13, 2022
Vulnerability identifier: #VU62282
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-1107
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
ThinkPad 11e 20D9
ThinkPad 11e 20DA
ThinkPad Helix 20CG
ThinkPad Helix 20CH
ThinkPad L560
ThinkPad L570 20J8
ThinkPad L570 20J9
ThinkPad L570 20JQ
ThinkPad L570 20JR
ThinkPad P50s
ThinkPad P51s 20HB
ThinkPad P51s 20HC
ThinkPad P51s 20JY
ThinkPad P51s 20K0
ThinkPad P52s 20LB
ThinkPad P52s 20LC
ThinkPad S540
ThinkPad T550
ThinkPad T560
ThinkPad T570 20H9
ThinkPad T570 20HA
ThinkPad T570 20JW
ThinkPad T570 20JX
ThinkPad T580 20L9
ThinkPad T580 20LA
ThinkPad X1 Tablet 1st Gen 20GG
ThinkPad X1 Tablet 1st Gen 20GH
ThinkPad X1 Tablet 2nd Gen 20JB
ThinkPad X1 Tablet 2nd Gen 20JC
ThinkPad W540
ThinkPad W541
ThinkPad W550s
ThinkPad X1 Carbon 3rd Gen 20BS
ThinkPad X1 Carbon 3rd Gen 20BT
ThinkPad X1 Carbon 4th Gen 20FB
ThinkPad X1 Carbon 4th Gen 20FC
ThinkPad X1 Carbon 5th Gen - Kabylake 20HR
ThinkPad X1 Carbon 5th Gen - Kabylake 20HQ
ThinkPad X1 Carbon 5th Gen - Skylake 20K4
ThinkPad X1 Carbon 5th Gen - Skylake 20K3
ThinkPad X1 Yoga 1st Gen 20FQ
ThinkPad X1 Yoga 1st Gen 20FR
ThinkPad X1 Yoga 2nd Gen 20JD
ThinkPad X1 Yoga 2nd Gen 20JE
ThinkPad X1 Yoga 2nd Gen 20JF
ThinkPad X1 Yoga 2nd Gen 20JG
ThinkPad X1 Yoga 3rd Gen 20LD
ThinkPad X1 Yoga 3rd Gen 20LE
ThinkPad X1 Yoga 3rd Gen 20LF
ThinkPad X1 Yoga 3rd Gen 20LG
ThinkPad X250
ThinkPad X280 20KF
ThinkPad X280 20KE
ThinkPad X390 Yoga
ThinkPad Yoga 11e 20D9
ThinkPad Yoga 11e 20DA
ThinkPad Yoga 15
ThinkPad Yoga 260
Software vendor:
Lenovo
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the use of Boot Services in the SmmOEMInt15 SMI handler. A local user can bypass implemented security restrictions and execute arbitrary code with elevated privileges.
Remediation
Install updates from the vendor's website.