First published: Mon Oct 09 2023
A potential vulnerability in a driver used during the manufacturing process on some consumer Lenovo Notebook devices, which was mistakenly not deactivated, may allow an attacker with elevated privileges to modify the secure boot setting by modifying an NVRAM variable.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
Lenovo Ideapad Creator 5-16ach6 Firmware | <gscn34ww | |
Lenovo Ideapad Creator 5-16ach6 | ||
Lenovo Ideapad 5 Pro-16ihu6 Firmware | <grcn22ww | |
Lenovo Ideapad 5 Pro-16ihu6 | ||
Lenovo Ideapad 5 Pro-16ach6 Firmware | <gscn34ww | |
Lenovo Ideapad 5 Pro-16ach6 | ||
Lenovo Yoga Slim 7-13itl05 Firmware | <f7cn39ww | |
Lenovo Yoga Slim 7-13itl05 | ||
Lenovo Yoga Slim 7-13acn05 Firmware | <ghcn28ww | |
Lenovo Yoga Slim 7-13acn05 | ||
Lenovo Yoga Slim 7 Pro 16arh7 Firmware | <klcn15ww | |
Lenovo Yoga Slim 7 Pro 16arh7 | ||
Lenovo Yoga Slim 7 Pro 16ach6 Firmware | <hucn16ww | |
Lenovo Yoga Slim 7 Pro 16ach6 | ||
Lenovo Yoga Slim 7 Carbon 13itl5 Firmware | <f7cn39ww | |
Lenovo Yoga Slim 7 Carbon 13itl5 | ||
Lenovo Yoga Duet 7-13itl6-lte Firmware | <gpcn24ww | |
Lenovo Yoga Duet 7-13itl6-lte | ||
Lenovo Yoga Duet 7-13itl6 Firmware | <gpcn24ww | |
Lenovo Yoga Duet 7-13itl6 | ||
Lenovo Yoga Duet 7-13iml05 Firmware | <ercn30ww | |
Lenovo Yoga Duet 7-13iml05 | ||
Lenovo Thinkbook Plus G3 Iap Firmware | <k6cn29ww | |
Lenovo Thinkbook Plus G3 Iap | ||
Lenovo Thinkbook Plus G2 Itg Firmware | <gycn31ww | |
Lenovo Thinkbook Plus G2 Itg | ||
Lenovo Thinkbook 16p Nx Arh Firmware | <kjcn27ww | |
Lenovo Thinkbook 16p Nx Arh | ||
Lenovo Thinkbook 16 G4\+ Iap Firmware | <hycn40ww | |
Lenovo Thinkbook 16 G4\+ Iap | ||
Lenovo Thinkbook 16 G4\+ Ara Firmware | <j6cn40ww | |
Lenovo Thinkbook 16 G4\+ Ara | ||
Lenovo Thinkbook 14 G4\+ Iap Firmware | <hycn40ww | |
Lenovo Thinkbook 14 G4\+ Iap | ||
Lenovo Thinkbook 14 G4\+ Ara Firmware | <j6cn40ww | |
Lenovo Thinkbook 14 G4\+ Ara | ||
Lenovo Thinkbook 13x Itg Firmware | <hlcn30ww | |
Lenovo Thinkbook 13x Itg | ||
Lenovo Ideapad Slim 7 Pro 16ach6 Firmware | <hucn16ww | |
Lenovo Ideapad Slim 7 Pro 16ach6 | ||
Lenovo S540-15iml Firmware | <cncn22ww | |
Lenovo S540-15iml | ||
Lenovo Slim 7 16arh7 Firmware | <klcn15ww | |
Lenovo Slim 7 16arh7 | ||
Lenovo Ideapad Duet 3 10igl5 Firmware | <eqcn37ww | |
Lenovo Ideapad Duet 3 10igl5 | ||
Lenovo Ideapad 5 Pro 16arh7 Firmware | <j4cn33ww | |
Lenovo Ideapad 5 Pro 16arh7 | ||
Lenovo D330-10igl Firmware | <g0cn11ww | |
Lenovo D330-10igl | ||
Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-94952.
CVE-2022-3431 is a potential vulnerability in a driver used during the manufacturing process on some consumer Lenovo Notebook devices.
CVE-2022-3431 may allow an attacker with elevated privileges to modify secure boot settings by modifying an NVRAM variable.
Some consumer Lenovo Notebook devices are affected by CVE-2022-3431.
CVE-2022-3431 has a severity rating of 7.8, which is considered high.
To fix CVE-2022-3431, Lenovo has released a firmware update. Please refer to the Lenovo Product Security website for more information and to download the update.