CVE-2022-1107
MEDIUM
Lenovo ThinkPad Firmware - Privilege Escalation via SMM Boot Services Handler
Title source: llm
Description
During an internal product security audit, a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models. It could be exploited by an attacker with elevated privileges and could allow for execution of code.
References (1)
Core References
Vendor Advisory x_refsource_misc
https://support.lenovo.com/us/en/product_security/LEN-84943
Scores
CVSS v3
6.7
EPSS
0.0003
EPSS Percentile
9.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
CWE-20
Status
published
Products (30)
lenovo/thinkpad_11e_firmware
< n15et78w
lenovo/thinkpad_11e_yoga_firmware
< n15et78w
lenovo/thinkpad_helix_firmware
< n17eta8w
lenovo/thinkpad_l560_firmware
< n1het85w
lenovo/thinkpad_l570_firmware
< n1xet65w
lenovo/thinkpad_p50s_firmware
< n1ket46w
lenovo/thinkpad_p51s_firmware
< n1vet50w
lenovo/thinkpad_p52s_firmware
< n27et36w
lenovo/thinkpad_s540_firmware
< gpet80ww
lenovo/thinkpad_t550_firmware
< n11et50w
... and 20 more
Published
Apr 22, 2022
Tracked Since
Feb 18, 2026