CVE-2022-3744
MEDIUMLenovo IdeaPad LCFC BIOS - Unauthenticated UEFI Variable Unlock via Hard-coded SMI Handler Credential
Title source: llmDescription
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential.
References (1)
Core 1
Core References
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-103710
Scores
CVSS v3
6.7
EPSS
0.0003
EPSS Percentile
8.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (50)
lenovo/ideapad_1-14ijl7_firmware
< htcn31ww
lenovo/ideapad_1-15ijl7_firmware
< htcn31ww
lenovo/ideapad_1_14iau7_firmware
< jkcn34ww
lenovo/ideapad_1_14igl7_firmware
< kkcn15ww
lenovo/ideapad_1_15iau7_firmware
< jkcn34ww
lenovo/ideapad_1_15igl7_firmware
< kkcn15ww
lenovo/ideapad_3-14igl05_firmware
< dvcn28ww
lenovo/ideapad_3-14iil05_firmware
< emcn56ww
lenovo/ideapad_3-14iml05_firmware
< dxcn44ww
lenovo/ideapad_3-14itl05_firmware
< gccn32ww
... and 40 more
Published
Aug 23, 2023
Tracked Since
Feb 18, 2026