CVE-2022-48188: Buffer Overflow
First published: Mon Jun 05 2023(Updated: )
A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo Ideacentre Aio 3 21itl7 Firmware | <o5akt33 | |
| Lenovo Ideacentre Aio 3 21itl7 | ||
| Lenovo Ideacentre Aio 3-22itl6 Firmware | <o5akt33 | |
| Lenovo Ideacentre Aio 3-22itl6 | ||
| Lenovo Ideacentre Aio 3-24itl6 Firmware | <o5akt33 | |
| Lenovo Ideacentre Aio 3-24itl6 | ||
| Lenovo Ideacentre Aio 3-27itl6 Firmware | <o5akt33 | |
| Lenovo Ideacentre Aio 3-27itl6 | ||
| Lenovo Thinkcentre M720e Firmware | <m1zkt40a | |
| Lenovo Thinkcentre M720e | ||
| Lenovo Thinkcentre M720q Firmware | <m1ukt70a | |
| Lenovo Thinkcentre M720q | ||
| Lenovo Thinkcentre M720s Firmware | <m1ukt70a | |
| Lenovo Thinkcentre M720s | ||
| Lenovo Thinkcentre M720t Firmware | <m1ukt70a | |
| Lenovo Thinkcentre M720t | ||
| Lenovo Thinkcentre M725s Firmware | <m25kt63a | |
| Lenovo Thinkcentre M725s | ||
| Lenovo Thinkcentre M75s Gen 2 Firmware | <m46kt30a | |
| Lenovo Thinkcentre M75s Gen 2 | ||
| Lenovo Thinkcentre M75s Gen 2 Firmware | <m3bkt30a | |
| Lenovo Thinkcentre M75t Gen 2 Firmware | <m46kt30a | |
| Lenovo Thinkcentre M75t Gen 2 | ||
| Lenovo Thinkcentre M75t Gen 2 Firmware | <m3akt4ca | |
| Lenovo Thinkcentre M920q Firmware | <m1ukt70a | |
| Lenovo Thinkcentre M920q | ||
| Lenovo Thinkcentre M920s Firmware | <m1ukt70a | |
| Lenovo Thinkcentre M920s | ||
| Lenovo Thinkcentre M920t Firmware | <m1ukt70a | |
| Lenovo Thinkcentre M920t | ||
| Lenovo Thinkcentre M920x Firmware | <m1ukt70a | |
| Lenovo Thinkcentre M920x | ||
| Lenovo Thinkcentre M920z Firmware | <m1mkt55a | |
| Lenovo Thinkcentre M920z | ||
| Lenovo Ideacentre 510s-07icb Firmware | <m22kt48a | |
| Lenovo Ideacentre 510s-07icb | ||
| Lenovo Ideacentre 510s-07icb Firmware | <m22kt49a | |
| Lenovo Ideacentre 510s-07ick Firmware | <m30kt28a | |
| Lenovo Ideacentre 510s-07ick | ||
| Lenovo Ideacentre 510s-07ick Firmware | <m1zkt40a | |
| Lenovo Ideacentre 720-18apr Firmware | <m25kt63a | |
| Lenovo Ideacentre 720-18apr | ||
| Lenovo V30a-22itl Firmware | <o5akt33 | |
| Lenovo V30a-22itl | ||
| Lenovo V30a-24itl Firmware | <o5akt33 | |
| Lenovo V30a-24itl | ||
| Lenovo V530s-07icb Firmware | <m22kt49a | |
| Lenovo V530s-07icb | ||
| Lenovo V530s-07icr Firmware | <m1zkt40a | |
| Lenovo V530s-07icr | ||
| Lenovo Thinkstation P330 Tiny Firmware | <m1ukt70a | |
| Lenovo Thinkstation P330 Tiny | ||
| Lenovo Thinkstation P360 Ultra Firmware | <s0fkt27a | |
| Lenovo Thinkstation P360 Ultra | ||
| Lenovo Thinkstation P520 Firmware | <s03kt58a | |
| Lenovo Thinkstation P520 | ||
| Lenovo Thinkstation P520c Firmware | <s03kt58a | |
| Lenovo Thinkstation P520c |
Remedy
Update system firmware to the version (or newer) indicated for your model in the related Lenovo advisory: https://support.lenovo.com/us/en/product_security/LEN-124495 https://support.lenovo.com/us/en/product_security/LEN-124495
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/lenovo
- canonical/lenovo ideacentre aio 3 21itl7 firmware
- canonical/lenovo ideacentre aio 3 21itl7
- canonical/lenovo ideacentre aio 3-22itl6 firmware
- canonical/lenovo ideacentre aio 3-22itl6
- canonical/lenovo ideacentre aio 3-24itl6 firmware
- canonical/lenovo ideacentre aio 3-24itl6
- canonical/lenovo ideacentre aio 3-27itl6 firmware
- canonical/lenovo ideacentre aio 3-27itl6
- canonical/lenovo thinkcentre m720e firmware
- canonical/lenovo thinkcentre m720e
- canonical/lenovo thinkcentre m720q firmware
- canonical/lenovo thinkcentre m720q
- canonical/lenovo thinkcentre m720s firmware
- canonical/lenovo thinkcentre m720s
- canonical/lenovo thinkcentre m720t firmware
- canonical/lenovo thinkcentre m720t
- canonical/lenovo thinkcentre m725s firmware
- canonical/lenovo thinkcentre m725s
- canonical/lenovo thinkcentre m75s gen 2 firmware
- canonical/lenovo thinkcentre m75s gen 2
- canonical/lenovo thinkcentre m75t gen 2 firmware
- canonical/lenovo thinkcentre m75t gen 2
- canonical/lenovo thinkcentre m920q firmware
- canonical/lenovo thinkcentre m920q
- canonical/lenovo thinkcentre m920s firmware
- canonical/lenovo thinkcentre m920s
- canonical/lenovo thinkcentre m920t firmware
- canonical/lenovo thinkcentre m920t
- canonical/lenovo thinkcentre m920x firmware
- canonical/lenovo thinkcentre m920x
- canonical/lenovo thinkcentre m920z firmware
- canonical/lenovo thinkcentre m920z
- canonical/lenovo ideacentre 510s-07icb firmware
- canonical/lenovo ideacentre 510s-07icb
- canonical/lenovo ideacentre 510s-07ick firmware
- canonical/lenovo ideacentre 510s-07ick
- canonical/lenovo ideacentre 720-18apr firmware
- canonical/lenovo ideacentre 720-18apr
- canonical/lenovo v30a-22itl firmware
- canonical/lenovo v30a-22itl
- canonical/lenovo v30a-24itl firmware
- canonical/lenovo v30a-24itl
- canonical/lenovo v530s-07icb firmware
- canonical/lenovo v530s-07icb
- canonical/lenovo v530s-07icr firmware
- canonical/lenovo v530s-07icr
- canonical/lenovo thinkstation p330 tiny firmware
- canonical/lenovo thinkstation p330 tiny
- canonical/lenovo thinkstation p360 ultra firmware
- canonical/lenovo thinkstation p360 ultra
- canonical/lenovo thinkstation p520 firmware
- canonical/lenovo thinkstation p520
- canonical/lenovo thinkstation p520c firmware
- canonical/lenovo thinkstation p520c