CWE-276

CVE-2022-4575

First published: Mon Oct 30 2023

A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models. It could allow an attacker with physical or local access and elevated privileges to bypass Secure Boot.

Credit: psirt@lenovo.com

| Affected Software | Affected Version |
|---|---|
| Lenovo Thinkpad 25 Firmware | <1.73 |
| Lenovo Thinkpad 25 | |
| Lenovo Thinkpad L560 Firmware | <1.62 |
| Lenovo Thinkpad L560 | |
| Lenovo Thinkpad P50 Firmware | <1.71 |
| Lenovo Thinkpad P50 | |
| Lenovo Thinkpad P50s Firmware | <1.45 |
| Lenovo Thinkpad P50s | |
| Lenovo Thinkpad P70 Firmware | <2.45 |
| Lenovo Thinkpad P70 | |
| Lenovo Thinkpad T470 Firmware | <1.73 |
| Lenovo Thinkpad T470 | |
| Lenovo Thinkpad T470s Firmware | <1.49 |
| Lenovo Thinkpad T470s | |
| Lenovo Thinkpad T560 Firmware | <1.45 |
| Lenovo Thinkpad T560 | |
| Lenovo Thinkpad X1 Carbon 4th Gen Firmware | <1.56 |
| Lenovo Thinkpad X1 Carbon 4th Gen | |
| Lenovo Thinkpad X1 Yoga 1st Gen Firmware | <1.56 |
| Lenovo Thinkpad X1 Yoga 1st Gen | |
| Lenovo Thinkpad X260 Firmware | <1.50 |
| Lenovo Thinkpad X260 | |
| Lenovo Thinkpad X270 Firmware | <1.47 |
| Lenovo Thinkpad X270 | |
| Lenovo Thinkpad Yoga 260 Firmware | <1.88 |
| Lenovo Thinkpad Yoga 260 | |

Remedy

Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-106014.

Frequently Asked Questions

  • What is CVE-2022-4575?

    CVE-2022-4575 is a vulnerability due to improper write protection of UEFI variables in the BIOS of certain ThinkPad models.

  • How does CVE-2022-4575 affect Lenovo ThinkPad models?

    CVE-2022-4575 allows an attacker with physical or local access and elevated privileges to bypass Secure Boot on affected ThinkPad models.

  • What is the severity of CVE-2022-4575?

    The severity of CVE-2022-4575 is medium, with a CVSS score of 6.7.

  • Which Lenovo ThinkPad models are affected by CVE-2022-4575?

    CVE-2022-4575 affects certain ThinkPad models, including ThinkPad 25, ThinkPad L560, ThinkPad P50, ThinkPad P50s, ThinkPad P70, ThinkPad T470, ThinkPad T470s, ThinkPad T560, ThinkPad X1 Carbon 4th Gen, ThinkPad X1 Yoga 1st Gen, ThinkPad X260, ThinkPad X270, and ThinkPad Yoga 260.

  • How can I fix CVE-2022-4575?

    To fix CVE-2022-4575, Lenovo has provided a firmware update for the affected ThinkPad models. Please refer to the Lenovo website for more information and instructions.
