CVE-2022-1891: Buffer Overflow
First published: Mon Jan 23 2023(Updated: )
A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo Thinkbook 14-iml Firmware | <cjcn38ww | |
| Lenovo Thinkbook 14-iml | ||
| Lenovo Thinkbook 14-iil Firmware | <djcn28ww | |
| Lenovo Thinkbook 14-iil | ||
| Lenovo Thinkbook 15-iil Firmware | <djcn28ww | |
| Lenovo Thinkbook 15-iil | ||
| Lenovo Thinkbook 15-iml Firmware | <cjcn38ww | |
| Lenovo Thinkbook 15-iml | ||
| Lenovo Yoga C640-13iml Lte Firmware | <chcn28ww | |
| Lenovo Yoga C640-13iml Lte | ||
| Lenovo Yoga C640-13iml Firmware | <chcn28ww | |
| Lenovo Yoga C640-13iml |
Remedy
Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-91369
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-1891?
CVE-2022-1891 is a vulnerability that involves a buffer overflow in the SystemLoadDefaultDxe driver in certain Lenovo Notebook products, allowing an attacker with local privileges to execute arbitrary code.
Which Lenovo Notebook products are affected by CVE-2022-1891?
CVE-2022-1891 affects Lenovo Thinkbook 14-iml Firmware (version up to exclusive cjcn38ww), Lenovo Thinkbook 14-iil Firmware (version up to exclusive djcn28ww), Lenovo Thinkbook 15-iil Firmware (version up to exclusive djcn28ww), Lenovo Thinkbook 15-iml Firmware (version up to exclusive cjcn38ww), Lenovo Yoga C640-13iml Lte Firmware (version up to exclusive chcn28ww), and Lenovo Yoga C640-13iml Firmware (version up to exclusive chcn28ww).
What is the severity of CVE-2022-1891?
CVE-2022-1891 has a severity rating of 7.8 (High).
How can an attacker exploit CVE-2022-1891?
An attacker with local privileges can exploit CVE-2022-1891 by leveraging the buffer overflow in the SystemLoadDefaultDxe driver to execute arbitrary code.
Where can I find more information about CVE-2022-1891?
You can find more information about CVE-2022-1891 on the Lenovo product security page: https://support.lenovo.com/us/en/product_security/LEN-91369
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/remedy
- agent/author
- agent/references
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- vendor/lenovo
- canonical/lenovo thinkbook 14-iml firmware
- canonical/lenovo thinkbook 14-iml
- canonical/lenovo thinkbook 14-iil firmware
- canonical/lenovo thinkbook 14-iil
- canonical/lenovo thinkbook 15-iil firmware
- canonical/lenovo thinkbook 15-iil
- canonical/lenovo thinkbook 15-iml firmware
- canonical/lenovo thinkbook 15-iml
- canonical/lenovo yoga c640-13iml lte firmware
- canonical/lenovo yoga c640-13iml lte
- canonical/lenovo yoga c640-13iml firmware
- canonical/lenovo yoga c640-13iml