Severity score: 7.8
CWE: CWE-787, CWE-119

CVE-2022-48188: Buffer Overflow

First published: Mon Jun 05 2023

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.

Credit: psirt@lenovo.com

| Affected Software | Affected Version | How to fix |
| --- | --- | --- |
| Lenovo Ideacentre Aio 3 21itl7 Firmware | <o5akt33 | |
| Lenovo Ideacentre Aio 3 21itl7 | | |
| Lenovo Ideacentre Aio 3-22itl6 Firmware | <o5akt33 | |
| Lenovo Ideacentre Aio 3-22itl6 | | |
| Lenovo Ideacentre Aio 3-24itl6 Firmware | <o5akt33 | |
| Lenovo Ideacentre Aio 3-24itl6 | | |
| Lenovo Ideacentre Aio 3-27itl6 Firmware | <o5akt33 | |
| Lenovo Ideacentre Aio 3-27itl6 | | |
| Lenovo Thinkcentre M720e Firmware | <m1zkt40a | |
| Lenovo Thinkcentre M720e | | |
| Lenovo Thinkcentre M720q Firmware | <m1ukt70a | |
| Lenovo Thinkcentre M720q | | |
| Lenovo Thinkcentre M720s Firmware | <m1ukt70a | |
| Lenovo Thinkcentre M720s | | |
| Lenovo Thinkcentre M720t Firmware | <m1ukt70a | |
| Lenovo Thinkcentre M720t | | |
| Lenovo Thinkcentre M725s Firmware | <m25kt63a | |
| Lenovo Thinkcentre M725s | | |
| Lenovo Thinkcentre M75s Gen 2 Firmware | <m46kt30a | |
| Lenovo Thinkcentre M75s Gen 2 | | |
| Lenovo Thinkcentre M75s Gen 2 Firmware | <m3bkt30a | |
| Lenovo Thinkcentre M75t Gen 2 Firmware | <m46kt30a | |
| Lenovo Thinkcentre M75t Gen 2 | | |
| Lenovo Thinkcentre M75t Gen 2 Firmware | <m3akt4ca | |
| Lenovo Thinkcentre M920q Firmware | <m1ukt70a | |
| Lenovo Thinkcentre M920q | | |
| Lenovo Thinkcentre M920s Firmware | <m1ukt70a | |
| Lenovo Thinkcentre M920s | | |
| Lenovo Thinkcentre M920t Firmware | <m1ukt70a | |
| Lenovo Thinkcentre M920t | | |
| Lenovo Thinkcentre M920x Firmware | <m1ukt70a | |
| Lenovo Thinkcentre M920x | | |
| Lenovo Thinkcentre M920z Firmware | <m1mkt55a | |
| Lenovo Thinkcentre M920z | | |
| Lenovo Ideacentre 510s-07icb Firmware | <m22kt48a | |
| Lenovo Ideacentre 510s-07icb | | |
| Lenovo Ideacentre 510s-07icb Firmware | <m22kt49a | |
| Lenovo Ideacentre 510s-07ick Firmware | <m30kt28a | |
| Lenovo Ideacentre 510s-07ick | | |
| Lenovo Ideacentre 510s-07ick Firmware | <m1zkt40a | |
| Lenovo Ideacentre 720-18apr Firmware | <m25kt63a | |
| Lenovo Ideacentre 720-18apr | | |
| Lenovo V30a-22itl Firmware | <o5akt33 | |
| Lenovo V30a-22itl | | |
| Lenovo V30a-24itl Firmware | <o5akt33 | |
| Lenovo V30a-24itl | | |
| Lenovo V530s-07icb Firmware | <m22kt49a | |
| Lenovo V530s-07icb | | |
| Lenovo V530s-07icr Firmware | <m1zkt40a | |
| Lenovo V530s-07icr | | |
| Lenovo Thinkstation P330 Tiny Firmware | <m1ukt70a | |
| Lenovo Thinkstation P330 Tiny | | |
| Lenovo Thinkstation P360 Ultra Firmware | <s0fkt27a | |
| Lenovo Thinkstation P360 Ultra | | |
| Lenovo Thinkstation P520 Firmware | <s03kt58a | |
| Lenovo Thinkstation P520 | | |
| Lenovo Thinkstation P520c Firmware | <s03kt58a | |
| Lenovo Thinkstation P520c | | |

Remedy

Update system firmware to the version (or newer) indicated for your model in the related Lenovo advisory: https://support.lenovo.com/us/en/product_security/LEN-124495
