Vulnerability identifier: #VU62282

Vulnerability risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1107

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
ThinkPad 11e 20D9
Hardware solutions / Firmware
ThinkPad 11e 20DA
Hardware solutions / Firmware
ThinkPad Helix 20CG
Hardware solutions / Firmware
ThinkPad Helix 20CH
Hardware solutions / Firmware
ThinkPad L560
Hardware solutions / Firmware
ThinkPad L570 20J8
Hardware solutions / Firmware
ThinkPad L570 20J9
Hardware solutions / Firmware
ThinkPad L570 20JQ
Hardware solutions / Firmware
ThinkPad L570 20JR
Hardware solutions / Firmware
ThinkPad P50s
Hardware solutions / Firmware
ThinkPad P51s 20HB
Hardware solutions / Firmware
ThinkPad P51s 20HC
Hardware solutions / Firmware
ThinkPad P51s 20JY
Hardware solutions / Firmware
ThinkPad P51s 20K0
Hardware solutions / Firmware
ThinkPad P52s 20LB
Hardware solutions / Firmware
ThinkPad P52s 20LC
Hardware solutions / Firmware
ThinkPad S540
Hardware solutions / Firmware
ThinkPad T550
Hardware solutions / Firmware
ThinkPad T560
Hardware solutions / Firmware
ThinkPad T570 20H9
Hardware solutions / Firmware
ThinkPad T570 20HA
Hardware solutions / Firmware
ThinkPad T570 20JW
Hardware solutions / Firmware
ThinkPad T570 20JX
Hardware solutions / Firmware
ThinkPad T580 20L9
Hardware solutions / Firmware
ThinkPad T580 20LA
Hardware solutions / Firmware
ThinkPad X1 Tablet 1st Gen 20GG
Hardware solutions / Firmware
ThinkPad X1 Tablet 1st Gen 20GH
Hardware solutions / Firmware
ThinkPad X1 Tablet 2nd Gen 20JB
Hardware solutions / Firmware
ThinkPad X1 Tablet 2nd Gen 20JC
Hardware solutions / Firmware
ThinkPad W540
Hardware solutions / Firmware
ThinkPad W541
Hardware solutions / Firmware
ThinkPad W550s
Hardware solutions / Firmware
ThinkPad X1 Carbon 3rd Gen 20BS
Hardware solutions / Firmware
ThinkPad X1 Carbon 3rd Gen 20BT
Hardware solutions / Firmware
ThinkPad X1 Carbon 4th Gen 20FB
Hardware solutions / Firmware
ThinkPad X1 Carbon 4th Gen 20FC
Hardware solutions / Firmware
ThinkPad X1 Carbon 5th Gen - Kabylake 20HR
Hardware solutions / Firmware
ThinkPad X1 Carbon 5th Gen - Kabylake 20HQ
Hardware solutions / Firmware
ThinkPad X1 Carbon 5th Gen - Skylake 20K4
Hardware solutions / Firmware
ThinkPad X1 Carbon 5th Gen - Skylake 20K3
Hardware solutions / Firmware
ThinkPad X1 Yoga 1st Gen 20FQ
Hardware solutions / Firmware
ThinkPad X1 Yoga 1st Gen 20FR
Hardware solutions / Firmware
ThinkPad X1 Yoga 2nd Gen 20JD
Hardware solutions / Firmware
ThinkPad X1 Yoga 2nd Gen 2 0JE
Hardware solutions / Firmware
ThinkPad X1 Yoga 2nd Gen 20JF
Hardware solutions / Firmware
ThinkPad X1 Yoga 2nd Gen 20JG
Hardware solutions / Firmware
ThinkPad X1 Yoga 3rd Gen 20LD
Hardware solutions / Firmware
ThinkPad X1 Yoga 3rd Gen 20LE
Hardware solutions / Firmware
ThinkPad X1 Yoga 3rd Gen 20LF
Hardware solutions / Firmware
ThinkPad X1 Yoga 3rd Gen 20LG
Hardware solutions / Firmware
ThinkPad X250
Hardware solutions / Firmware
ThinkPad X280 20KF
Hardware solutions / Firmware
ThinkPad X280 20KE
Hardware solutions / Firmware
ThinkPad X390 Yoga
Hardware solutions / Firmware
ThinkPad Yoga 11e 20D9
Hardware solutions / Firmware
ThinkPad Yoga 11e 20DA
Hardware solutions / Firmware
ThinkPad Yoga 15
Hardware solutions / Firmware
ThinkPad Yoga 260
Hardware solutions / Firmware

Vendor:

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of Boot Services in the SmmOEMInt15 SMI handler. A local user can bypass implemented security restrictions and execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

---

External links
http://support.lenovo.com/lu/uk/product_security/LEN-84943

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.