CVE-2022-3431
MEDIUM
Lenovo IdeaPad Creator 5-16ACH6 Firmware - Incorrect Default Permissions
Title source: llm
Description
A potential vulnerability in a driver used during the manufacturing process on some consumer Lenovo Notebook devices, which was mistakenly not deactivated, may allow an attacker with elevated privileges to modify the Secure Boot setting by modifying an NVRAM variable.
References (1)
Core References
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-94952
Scores
CVSS v3: 6.7
EPSS: 0.0003
EPSS Percentile: 10.5%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-276
Status: published
Products (25)
lenovo/d330-10igl_firmware < g0cn11ww
lenovo/ideapad_5_pro-16ach6_firmware < gscn34ww
lenovo/ideapad_5_pro-16ihu6_firmware < grcn22ww
lenovo/ideapad_5_pro_16arh7_firmware < j4cn33ww
lenovo/ideapad_creator_5-16ach6_firmware < gscn34ww
lenovo/ideapad_duet_3_10igl5_firmware < eqcn37ww
lenovo/ideapad_slim_7_pro_16ach6_firmware < hucn16ww
lenovo/s540-15iml_firmware < cncn22ww
lenovo/slim_7_16arh7_firmware < klcn15ww
lenovo/thinkbook_13x_itg_firmware < hlcn30ww
... and 15 more
Published: Oct 09, 2023
Tracked Since: Feb 18, 2026