CVE-2022-1892: Buffer Overflow
First published: Mon Jan 23 2023(Updated: )
A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo 100E 2nd Gen Firmware | <frcn23ww | |
| Lenovo 100E 2nd Gen Firmware | ||
| Lenovo 100w Gen 3 Firmware | <gacn38ww | |
| Lenovo 100w Gen 3 Firmware | ||
| Lenovo 13w Yoga Gen 2 Firmware | <jacn31ww | |
| Lenovo 13w Yoga Gen 2 Firmware | ||
| Lenovo 14w Gen 2 | <h0cn21ww | |
| Lenovo 14w Gen 2 | ||
| Lenovo 300e 2nd Gen Firmware | <frcn23ww | |
| Lenovo 300e 2nd Gen Firmware | ||
| Lenovo 300w Gen 3 Firmware | <gacn38ww | |
| Lenovo 300w Gen 3 Firmware | ||
| Lenovo 500w Gen 3 Firmware | <g6cn40ww | |
| Lenovo 500w Gen 3 Firmware | ||
| Lenovo 730s-13iwl firmware | <brcn20ww | |
| Lenovo 730s-13iml firmware | ||
| Lenovo Flex 3-11ADA05 | <fpcn26ww | |
| Lenovo Flex 3-11ADA05 Firmware | ||
| Lenovo Ideapad Flex 5-14ALC05 Firmware | <gjcn27ww | |
| Lenovo Flex 5 14ALC05 | ||
| Lenovo Flex 5 14ARE05 Firmware | <eecn39ww | |
| Lenovo Flex 5 14ARE05 Firmware | ||
| Lenovo Flex 5 14iil05 | <eecn40ww | |
| Lenovo Flex 5 14iil05 | ||
| Lenovo Flex 5 14ITL05 | <fxcn38ww | |
| Lenovo Flex 5 14ITL05 | ||
| Lenovo Flex 5 15ALC05 Firmware | <gjcn27ww | |
| Lenovo Flex 5 15ALC05 | ||
| Lenovo Flex 5-15IIL05 | <eccn40ww | |
| Lenovo Flex 5-1570 | ||
| Lenovo Flex 5-15ITL05 | <fxcn38ww | |
| Lenovo Flex 5-1570 | ||
| Lenovo Ideapad 1-11ada05 | <fqcn26ww | |
| Lenovo Ideapad 1-11ADA05 Firmware | ||
| Lenovo Ideapad 1-14igl05 | <dwcn24ww | |
| Lenovo Ideapad 1-11IGL05 | ||
| Lenovo Ideapad 1-14ada05 | <fqcn26ww | |
| Lenovo Ideapad 1-14ADA05 Firmware | ||
| Lenovo Ideapad 1-14igl05 | <dwcn24ww | |
| Lenovo Ideapad 1-11IGL05 | ||
| Lenovo Ideapad 3-15ada05 | <e8cn36ww | |
| Lenovo Ideapad 3 | ||
| Lenovo Ideapad 3-14ada05 Firmware | <e8cn36ww | |
| Lenovo Ideapad 3-14ada05 Firmware | ||
| Lenovo ideapad 3-14ada6 firmware | <hbcn24ww | |
| Lenovo ideapad 3-14ada6 firmware | ||
| Lenovo Ideapad 3-14ALC6 | <glcn48ww | |
| Lenovo Ideapad 3-14alc6 firmware | ||
| Lenovo Ideapad 3 | <hbcn24ww | |
| Lenovo Ideapad 3 | ||
| Lenovo Ideapad 3-15ALC6 Firmware | <glcn48ww | |
| Lenovo Ideapad 3-15ALC6 Firmware | ||
| Lenovo Ideapad 3-17ALC6 Firmware | <e8cn36ww | |
| Lenovo Ideapad 3-17ALC6 Firmware | ||
| Lenovo Ideapad 3-17ADA05 Firmware | <hbcn24ww | |
| Lenovo Ideapad 3-17ADA05 Firmware | ||
| Lenovo Ideapad 3-17ADA6 | <glcn48ww | |
| Lenovo Ideapad 3 | ||
| Lenovo Ideapad 5 15aba7 Firmware | <kacn14ww | |
| Lenovo Ideapad 5 15aba7 Firmware | ||
| Lenovo IdeaPad Flex 5 14ALC7 Firmware | <jccn29ww | |
| Lenovo IdeaPad Flex 5 14ALC7 Firmware | ||
| Lenovo Ideapad Flex 5 16ALC7 | <jccn29ww | |
| Lenovo Ideapad Flex 5 16ALC7 | ||
| Lenovo Legion S7-15IMH5 Firmware | <hacn37ww | |
| Lenovo Legion S7 15IMH5 | ||
| Lenovo Legion S7-15ACH6 | <g1cn27ww | |
| Lenovo Legion S7-15ACH6 Firmware | ||
| Lenovo Legion S7 | <fdcn40ww | |
| Lenovo Legion S7 | ||
| Lenovo S145-14IGM Firmware | <bucn33ww | |
| Lenovo S145-14API | ||
| Lenovo S145-14IGM Firmware | <aycn28ww | |
| Lenovo S145-14AST | ||
| Lenovo S145-15api Firmware | <bucn33ww | |
| Lenovo S145-15api Firmware | ||
| Lenovo S145-15AST Firmware | <aycn28ww | |
| Lenovo S145-15api Firmware | ||
| Lenovo S540-13API | <cxcn36ww | |
| Lenovo S540-13API Firmware | ||
| Lenovo Ideapad S940-14IIL | <bqcn34ww | |
| Lenovo Ideapad S940-14IIL | ||
| Lenovo Yoga C940-14IIL | <bqcn34ww | |
| Lenovo Ideapad Yoga S940-14IIL | ||
| Lenovo Ideapad Slim 1-14ast-05 | <cwcn25ww | |
| Lenovo Ideapad Slim 1-14ast-05 | ||
| Lenovo Ideapad Slim 1-11ast-05 | <cwcn25ww | |
| Lenovo Ideapad Slim 1-11ast-05 | ||
| Lenovo ThinkBook 13s G3 ACN | <gmcn29ww | |
| Lenovo ThinkBook 13s G3 ACN | ||
| Lenovo ThinkBook 13s G2 ARE Firmware | <fvcn24ww | |
| Lenovo ThinkBook 13s G2 ARE Firmware | ||
| Lenovo Thinkbook 13s G2 ITL Firmware | <f9cn50ww | |
| Lenovo Thinkbook 13s G2 ITL Firmware | ||
| Lenovo Thinkbook 13s-iwl Firmware | <cqcn37ww | |
| Lenovo Thinkbook 13s-IML Firmware | ||
| Lenovo ThinkBook 14 iil Firmware | <djcn28ww | |
| Lenovo ThinkBook 14 iil | ||
| Lenovo Thinkbook 14 IMl Firmware | <cjcn38ww | |
| Lenovo Thinkbook 14 IMl | ||
| Lenovo ThinkBook 14p G2 ACH | <gwcn41ww | |
| Lenovo ThinkBook 14p G2 ACH | ||
| Lenovo Thinkbook 14s G2 ITL Firmware | <f9cn50ww | |
| Lenovo Thinkbook 14s G2 ITL Firmware | ||
| Lenovo ThinkBook 14s-IML Firmware | <cqcn37ww | |
| Lenovo ThinkBook 14s-IML | ||
| Lenovo Thinkbook 15-iil Firmware | <djcn28ww | |
| Lenovo Thinkbook 15-iil Firmware | ||
| Lenovo ThinkBook 15-IML Firmware | <cjcn38ww | |
| Lenovo ThinkBook 15 IML | ||
| Lenovo ThinkBook 16p G2 ACH Firmware | <gxcn42ww | |
| Lenovo ThinkBook 16p G2 ACH Firmware | ||
| Lenovo v130-15ikb firmware | <8vcn31ww | |
| Lenovo v130-15ikb | ||
| Lenovo V14 G2-ALC | <glcn48ww | |
| Lenovo V14 G2-ALC | ||
| Lenovo v14-ada firmware | <e8cn36ww | |
| Lenovo v14-ada firmware | ||
| Lenovo V15 G2-ALC | <glcn48ww | |
| Lenovo v15 g2 ijl | ||
| Lenovo v15-ada firmware | <e8cn36ww | |
| Lenovo v15-ada firmware | ||
| Lenovo Yoga 9-15IMH5 | <epcn28ww | |
| Lenovo Yoga 9-15IMH5 | ||
| Lenovo C640-IML Firmware | <chcn28ww | |
| Lenovo Yoga C640-13IML | ||
| Lenovo Yoga C640-13IML | <chcn28ww | |
| Lenovo Yoga C640-13IML LTE Firmware | ||
| Lenovo Yoga C940 Firmware | <bscn37ww | |
| Lenovo Yoga C940 Firmware | ||
| Lenovo 730s-13IML firmware | <brcn20ww | |
| Lenovo IdeaPad Yoga S730-13IML | ||
| Lenovo Yoga Slim 7 Pro 14ACH5 Firmware | <gzcn29ww | |
| Lenovo Yoga Slim 7 Pro 14ACH5 Firmware | ||
| Lenovo Yoga Slim 7 Pro 14ACH5 O Firmware | <gzcn29ww | |
| Lenovo Yoga Slim 7 Pro-14ach5 | ||
| Lenovo Yoga Slim 7 Pro 14ARH5 Firmware | <gzcn24ww | |
| Lenovo Yoga Slim 7 Pro | ||
| Lenovo Ideapad Flex 5-15ALC05 Firmware | <h2cn27ww | |
| Lenovo Ideapad 5-15alc05 Firmware |
Remedy
Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-91369
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-1892?
CVE-2022-1892 is classified as a high severity vulnerability due to its ability to allow an attacker with local privileges to execute arbitrary code.
How do I fix CVE-2022-1892?
To fix CVE-2022-1892, update the affected Lenovo firmware to the latest version as per the manufacturer's security advisory.
What products are affected by CVE-2022-1892?
CVE-2022-1892 affects several Lenovo Notebook products, including the 100E 2nd Gen, 100w Gen 3, 13w Yoga Gen 2, and others.
Who can exploit CVE-2022-1892?
An attacker with local privileges can exploit CVE-2022-1892 to execute arbitrary code on the affected system.
Are there any workarounds for CVE-2022-1892?
Currently, the best workaround for CVE-2022-1892 is to ensure that the system is updated to the latest firmware version.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/remedy
- agent/author
- agent/references
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/lenovo
- canonical/lenovo 100e 2nd gen firmware
- canonical/lenovo 100w gen 3 firmware
- canonical/lenovo 13w yoga gen 2 firmware
- canonical/lenovo 14w gen 2
- canonical/lenovo 300e 2nd gen firmware
- canonical/lenovo 300w gen 3 firmware
- canonical/lenovo 500w gen 3 firmware
- canonical/lenovo 730s-13iwl firmware
- canonical/lenovo 730s-13iml firmware
- canonical/lenovo flex 3-11ada05
- canonical/lenovo flex 3-11ada05 firmware
- canonical/lenovo ideapad flex 5-14alc05 firmware
- canonical/lenovo flex 5 14alc05
- canonical/lenovo flex 5 14are05 firmware
- canonical/lenovo flex 5 14iil05
- canonical/lenovo flex 5 14itl05
- canonical/lenovo flex 5 15alc05 firmware
- canonical/lenovo flex 5 15alc05
- canonical/lenovo flex 5-15iil05
- canonical/lenovo flex 5-1570
- canonical/lenovo flex 5-15itl05
- canonical/lenovo ideapad 1-11ada05
- canonical/lenovo ideapad 1-11ada05 firmware
- canonical/lenovo ideapad 1-14igl05
- canonical/lenovo ideapad 1-11igl05
- canonical/lenovo ideapad 1-14ada05
- canonical/lenovo ideapad 1-14ada05 firmware
- canonical/lenovo ideapad 3-15ada05
- canonical/lenovo ideapad 3
- canonical/lenovo ideapad 3-14ada05 firmware
- canonical/lenovo ideapad 3-14ada6 firmware
- canonical/lenovo ideapad 3-14alc6
- canonical/lenovo ideapad 3-14alc6 firmware
- canonical/lenovo ideapad 3-15alc6 firmware
- canonical/lenovo ideapad 3-17alc6 firmware
- canonical/lenovo ideapad 3-17ada05 firmware
- canonical/lenovo ideapad 3-17ada6
- canonical/lenovo ideapad 5 15aba7 firmware
- canonical/lenovo ideapad flex 5 14alc7 firmware
- canonical/lenovo ideapad flex 5 16alc7
- canonical/lenovo legion s7-15imh5 firmware
- canonical/lenovo legion s7 15imh5
- canonical/lenovo legion s7-15ach6
- canonical/lenovo legion s7-15ach6 firmware
- canonical/lenovo legion s7
- canonical/lenovo s145-14igm firmware
- canonical/lenovo s145-14api
- canonical/lenovo s145-14ast
- canonical/lenovo s145-15api firmware
- canonical/lenovo s145-15ast firmware
- canonical/lenovo s540-13api
- canonical/lenovo s540-13api firmware
- canonical/lenovo ideapad s940-14iil
- canonical/lenovo yoga c940-14iil
- canonical/lenovo ideapad yoga s940-14iil
- canonical/lenovo ideapad slim 1-14ast-05
- canonical/lenovo ideapad slim 1-11ast-05
- canonical/lenovo thinkbook 13s g3 acn
- canonical/lenovo thinkbook 13s g2 are firmware
- canonical/lenovo thinkbook 13s g2 itl firmware
- canonical/lenovo thinkbook 13s-iwl firmware
- canonical/lenovo thinkbook 13s-iml firmware
- canonical/lenovo thinkbook 14 iil firmware
- canonical/lenovo thinkbook 14 iil
- canonical/lenovo thinkbook 14 iml firmware
- canonical/lenovo thinkbook 14 iml
- canonical/lenovo thinkbook 14p g2 ach
- canonical/lenovo thinkbook 14s g2 itl firmware
- canonical/lenovo thinkbook 14s-iml firmware
- canonical/lenovo thinkbook 14s-iml
- canonical/lenovo thinkbook 15-iil firmware
- canonical/lenovo thinkbook 15-iml firmware
- canonical/lenovo thinkbook 15 iml
- canonical/lenovo thinkbook 16p g2 ach firmware
- canonical/lenovo v130-15ikb firmware
- canonical/lenovo v130-15ikb
- canonical/lenovo v14 g2-alc
- canonical/lenovo v14-ada firmware
- canonical/lenovo v15 g2-alc
- canonical/lenovo v15 g2 ijl
- canonical/lenovo v15-ada firmware
- canonical/lenovo yoga 9-15imh5
- canonical/lenovo c640-iml firmware
- canonical/lenovo yoga c640-13iml
- canonical/lenovo yoga c640-13iml lte firmware
- canonical/lenovo yoga c940 firmware
- canonical/lenovo ideapad yoga s730-13iml
- canonical/lenovo yoga slim 7 pro 14ach5 firmware
- canonical/lenovo yoga slim 7 pro 14ach5 o firmware
- canonical/lenovo yoga slim 7 pro-14ach5
- canonical/lenovo yoga slim 7 pro 14arh5 firmware
- canonical/lenovo yoga slim 7 pro
- canonical/lenovo ideapad flex 5-15alc05 firmware
- canonical/lenovo ideapad 5-15alc05 firmware