First published: Fri Apr 22 2022
A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
Lenovo Thinkpad X1 Fold Gen 1 Firmware | <n2pet50w | |
Lenovo Thinkpad X1 Fold Gen 1 | | |
Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-84943.
CVE-2022-1108 is a potential vulnerability in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 firmware, which could allow an attacker with local access and elevated privileges to execute arbitrary code.
An attacker with local access and elevated privileges could exploit CVE-2022-1108 by taking advantage of the improper buffer validation in the SMI handler LenovoFlashDeviceInterface to execute arbitrary code.
CVE-2022-1108 has a severity rating of 6.7 (high).
The Thinkpad X1 Fold Gen 1 firmware with version up to and excluding n2pet50w is affected by CVE-2022-1108.
Apply the latest firmware update provided by Lenovo to fix CVE-2022-1108.