CVE-2022-1107: Input Validation
First published: Fri Apr 22 2022(Updated: )
During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo Thinkpad 11e Firmware | <n15et78w | |
| Lenovo Thinkpad 11e | ||
| Lenovo Thinkpad Helix Firmware | <n17eta8w | |
| Lenovo Thinkpad Helix | ||
| Lenovo Thinkpad L560 Firmware | <n1het85w | |
| Lenovo Thinkpad L560 | ||
| Lenovo Thinkpad L570 Firmware | <n1xet65w | |
| Lenovo Thinkpad L570 | ||
| Lenovo Thinkpad P50s Firmware | <n1ket46w | |
| Lenovo Thinkpad P50s | ||
| Lenovo Thinkpad P51s Firmware | <n1vet50w | |
| Lenovo Thinkpad P51s | ||
| Lenovo Thinkpad P52s Firmware | <n27et36w | |
| Lenovo Thinkpad P52s | ||
| Lenovo Thinkpad S540 Firmware | <gpet80ww | |
| Lenovo Thinkpad S540 | ||
| Lenovo Thinkpad T550 Firmware | <n11et50w | |
| Lenovo Thinkpad T550 | ||
| Lenovo Thinkpad T560 Firmware | <n1ket46w | |
| Lenovo Thinkpad T560 | ||
| Lenovo Thinkpad T570 Firmware | <n1vet50w | |
| Lenovo Thinkpad T570 | ||
| Lenovo Thinkpad T580 Firmware | <n27et36w | |
| Lenovo Thinkpad T580 | ||
| Lenovo Thinkpad X1 Tablet Gen 1 Firmware | <n1let86w | |
| Lenovo Thinkpad X1 Tablet Gen 1 | ||
| Lenovo Thinkpad X1 Tablet Gen 2 Firmware | <n1oet50w | |
| Lenovo Thinkpad X1 Tablet Gen 2 | ||
| Lenovo Thinkpad W540 Firmware | <gnet92ww | |
| Lenovo Thinkpad W540 | ||
| Lenovo Thinkpad W541 Firmware | <gnet92ww | |
| Lenovo Thinkpad W541 | ||
| Lenovo Thinkpad W550s Firmware | <n11et50w | |
| Lenovo Thinkpad W550s | ||
| Lenovo Thinkpad X1 Carbon 3rd Gen Firmware | <n14et52w | |
| Lenovo Thinkpad X1 Carbon 3rd Gen | ||
| Lenovo Thinkpad X1 Carbon 4th Gen Firmware | <n1fet70w | |
| Lenovo Thinkpad X1 Carbon 4th Gen | ||
| Lenovo Thinkpad X1 Carbon 5th Gen Kabylake Firmware | <n1met55w | |
| Lenovo Thinkpad X1 Carbon 5th Gen Kabylake | ||
| Lenovo Thinkpad X1 Carbon 5th Gen Skylake Firmware | <n1met55w | |
| Lenovo Thinkpad X1 Carbon 5th Gen Skylake | ||
| Lenovo Thinkpad X1 Yoga Firmware | <n1fet70w | |
| Lenovo Thinkpad X1 Yoga | ||
| Lenovo Thinkpad X1 Yoga Gen 2 Firmware | <n1net47w | |
| Lenovo Thinkpad X1 Yoga Gen 2 | ||
| Lenovo Thinkpad X1 Yoga Gen 3 Firmware | <n25et50w | |
| Lenovo Thinkpad X1 Yoga Gen 3 | ||
| Lenovo Thinkpad X250 Firmware | <n10et58w | |
| Lenovo Thinkpad X250 | ||
| Lenovo Thinkpad X280 Firmware | <n20et44w | |
| Lenovo Thinkpad X280 | ||
| Lenovo Thinkpad X390 Firmware | <n2let60w | |
| Lenovo Thinkpad X390 | ||
| Lenovo Thinkpad 11e Yoga Firmware | <n15et78w | |
| Lenovo Thinkpad 11e Yoga | ||
| Lenovo Thinkpad Yoga 15 Firmware | <n19et61w | |
| Lenovo Thinkpad Yoga 15 | ||
| Lenovo Thinkpad Yoga 260 Firmware | <n1get98w | |
| Lenovo Thinkpad Yoga 260 |
Remedy
Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-84943.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- vendor/lenovo
- canonical/lenovo thinkpad 11e firmware
- canonical/lenovo thinkpad 11e
- canonical/lenovo thinkpad helix firmware
- canonical/lenovo thinkpad helix
- canonical/lenovo thinkpad l560 firmware
- canonical/lenovo thinkpad l560
- canonical/lenovo thinkpad l570 firmware
- canonical/lenovo thinkpad l570
- canonical/lenovo thinkpad p50s firmware
- canonical/lenovo thinkpad p50s
- canonical/lenovo thinkpad p51s firmware
- canonical/lenovo thinkpad p51s
- canonical/lenovo thinkpad p52s firmware
- canonical/lenovo thinkpad p52s
- canonical/lenovo thinkpad s540 firmware
- canonical/lenovo thinkpad s540
- canonical/lenovo thinkpad t550 firmware
- canonical/lenovo thinkpad t550
- canonical/lenovo thinkpad t560 firmware
- canonical/lenovo thinkpad t560
- canonical/lenovo thinkpad t570 firmware
- canonical/lenovo thinkpad t570
- canonical/lenovo thinkpad t580 firmware
- canonical/lenovo thinkpad t580
- canonical/lenovo thinkpad x1 tablet gen 1 firmware
- canonical/lenovo thinkpad x1 tablet gen 1
- canonical/lenovo thinkpad x1 tablet gen 2 firmware
- canonical/lenovo thinkpad x1 tablet gen 2
- canonical/lenovo thinkpad w540 firmware
- canonical/lenovo thinkpad w540
- canonical/lenovo thinkpad w541 firmware
- canonical/lenovo thinkpad w541
- canonical/lenovo thinkpad w550s firmware
- canonical/lenovo thinkpad w550s
- canonical/lenovo thinkpad x1 carbon 3rd gen firmware
- canonical/lenovo thinkpad x1 carbon 3rd gen
- canonical/lenovo thinkpad x1 carbon 4th gen firmware
- canonical/lenovo thinkpad x1 carbon 4th gen
- canonical/lenovo thinkpad x1 carbon 5th gen kabylake firmware
- canonical/lenovo thinkpad x1 carbon 5th gen kabylake
- canonical/lenovo thinkpad x1 carbon 5th gen skylake firmware
- canonical/lenovo thinkpad x1 carbon 5th gen skylake
- canonical/lenovo thinkpad x1 yoga firmware
- canonical/lenovo thinkpad x1 yoga
- canonical/lenovo thinkpad x1 yoga gen 2 firmware
- canonical/lenovo thinkpad x1 yoga gen 2
- canonical/lenovo thinkpad x1 yoga gen 3 firmware
- canonical/lenovo thinkpad x1 yoga gen 3
- canonical/lenovo thinkpad x250 firmware
- canonical/lenovo thinkpad x250
- canonical/lenovo thinkpad x280 firmware
- canonical/lenovo thinkpad x280
- canonical/lenovo thinkpad x390 firmware
- canonical/lenovo thinkpad x390
- canonical/lenovo thinkpad 11e yoga firmware
- canonical/lenovo thinkpad 11e yoga
- canonical/lenovo thinkpad yoga 15 firmware
- canonical/lenovo thinkpad yoga 15
- canonical/lenovo thinkpad yoga 260 firmware
- canonical/lenovo thinkpad yoga 260