medium
6.7
CWE
276
Advisory Published
Updated

CVE-2022-3430

First published: Mon Jan 23 2023(Updated: )

A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
Lenovo D330-10igl Firmware<g0cn11ww
Lenovo D330-10igl
Lenovo Ideapad 5 Pro 16iah7 Firmware<j4cn33ww
Lenovo Ideapad 5 Pro 16iah7
Lenovo Ideapad 5 Pro 16arh7 Firmware<j5cn27ww
Lenovo Ideapad 5 Pro 16arh7
Lenovo Ideapad Duet 3 10igl5 Firmware<eqcn37ww
Lenovo Ideapad Duet 3 10igl5
Lenovo Slim 7 16arh7 Firmware<klcn15ww
Lenovo Slim 7 16arh7
Lenovo Thinkbook 15p Imp Firmware<f6cn25ww
Lenovo Thinkbook 15p Imp
Lenovo Slim 7-14are05 Firmware<dmcn43ww
Lenovo Slim 7-14are05
Lenovo Ideapad Slim 7-14iil05 Firmware<dhcn35ww
Lenovo Ideapad Slim 7-14iil05
Lenovo Ideapad Slim 7-14itl05 Firmware<fbcn29ww
Lenovo Ideapad Slim 7-14itl05
Lenovo Ideapad Slim 7-15iil05 Firmware<dhcn35ww
Lenovo Ideapad Slim 7-15iil05
Lenovo Slim 7-15imh05 Firmware<dncn32ww
Lenovo Slim 7-15imh05
Lenovo Slim 7-15itl05 Firmware<fbcn29ww
Lenovo Slim 7-15itl05
Lenovo Thinkbook 13x Itg Firmware<hlcn30ww
Lenovo Thinkbook 13x Itg
Lenovo Thinkbook 14 G2 Are Firmware<facn33ww
Lenovo Thinkbook 14 G2 Are
Lenovo Thinkbook 14 G2 Itl Firmware<f8cn52ww
Lenovo Thinkbook 14 G2 Itl
Lenovo Thinkbook 14 G3 Acl Firmware<gqcn35ww_hfcn30ww
Lenovo Thinkbook 14 G3 Acl
Lenovo Thinkbook 14 G3 Itl Firmware<hrcn13ww
Lenovo Thinkbook 14 G3 Itl
Lenovo Thinkbook 14 G4\+ Ara Firmware<j6cn40ww
Lenovo Thinkbook 14 G4\+ Ara
Lenovo Thinkbook 14 G4\+ Iap Firmware<hycn40ww
Lenovo Thinkbook 14 G4\+ Iap
Lenovo Thinkbook 14p G3 Arh Firmware<k4cn31ww
Lenovo Thinkbook 14p G3 Arh
Lenovo Thinkbook 14s Yoga Itl Firmware<fncn40ww
Lenovo Thinkbook 14s Yoga Itl
Lenovo Thinkbook 15 G2 Are Firmware<facn33ww
Lenovo Thinkbook 15 G2 Are
Lenovo Thinkbook 15 G2 Itl Firmware<f8cn52ww
Lenovo Thinkbook 15 G2 Itl
Lenovo Thinkbook 15 G3 Acl Firmware<gqcn35ww_hfcn30ww
Lenovo Thinkbook 15 G3 Acl
Lenovo Thinkbook 15 G3 Itl Firmware<hrcn13ww
Lenovo Thinkbook 15 G3 Itl
Lenovo Thinkbook 15 Gd Aba Firmware<jpcn20ww
Lenovo Thinkbook 15 G4 Aba
Lenovo Thinkbook 15p G2 Ith Firmware<hjcn31ww
Lenovo Thinkbook 15p G2 Ith
Lenovo Thinkbook 16 G4\+ Ara Firmware<j6cn40ww
Lenovo Thinkbook 16 G4\+ Ara
Lenovo Thinkbook 16 G4\+ Iap Firmware<hycn40ww
Lenovo Thinkbook 16 G4\+ Iap
Lenovo Thinkbook 16p G3 Arh Firmware<kccn31ww
Lenovo Thinkbook 16p G3 Arh
Lenovo Thinkbook 16p Nx Arh Firmware<kjcn27ww
Lenovo Thinkbook 16p Nx Arh
Lenovo Thinkbook Plus G2 Itg Firmware<gycn31ww
Lenovo Thinkbook Plus G2 Itg
Lenovo Thinkbook Plus G3 Iap Firmware<k6cn29ww
Lenovo Thinkbook Plus G3 Iap
Lenovo Yoga Creator 7-15imh05 Firmware<dncn32ww
Lenovo Yoga Creator 7-15imh05
Lenovo Yoga Duet 7-13iml05 Firmware<ercn30ww
Lenovo Yoga Duet 7-13iml05
Lenovo Yoga Duet 7-13itl6 Firmware<gpcn24ww
Lenovo Yoga Duet 7-13itl6
Lenovo Yoga Duet 7-13itl6-lte Firmware<gpcn24ww
Lenovo Yoga Duet 7-13itl6-lte
Lenovo Yoga Slim 7 Pro 16arh7 Firmware<klcn15ww
Lenovo Yoga Slim 7 Pro 16arh7
Lenovo Yoga Slim 7-14are05 Firmware<dmcn43ww
Lenovo Yoga Slim 7-14are05
Lenovo Yoga Slim 7-14iil05 Firmware<dmcn35ww
Lenovo Yoga Slim 7-14iil05
Lenovo Yoga Slim 7-14itl05 Firmware<fbcn29ww
Lenovo Yoga Slim 7-14itl05
Lenovo Yoga Slim 7-15iil05 Firmware<dhcn35ww
Lenovo Yoga Slim 7-15iil05
Lenovo Yoga Slim 7-15imh05 Firmware<dncn32ww
Lenovo Yoga Slim 7-15imh05
Lenovo Yoga Slim 7-15itl05 Firmware<fbcn29ww
Lenovo Yoga Slim 7-15itl05

Remedy

Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203