CVE-2022-40134
MEDIUMLenovo Ideacentre C5-14imb05 Firmware - Out-of-Bounds Read
Title source: ruleDescription
An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
References (1)
Core 1
Core References
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-94953
Scores
CVSS v3
4.4
EPSS
0.0005
EPSS Percentile
15.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-125
Status
published
Products (50)
lenovo/ideacentre_3-07ada05_firmware
o4fkt29a
lenovo/ideacentre_3-07imb05_firmware
m2vkt1da
lenovo/ideacentre_3_07iab7_firmware
m49kt1da
lenovo/ideacentre_5-14acn6_firmware
o5ekt21a
lenovo/ideacentre_5-14are05_firmware
o4zkt29a
lenovo/ideacentre_5-14imb05_firmware
o4hkt38a
lenovo/ideacentre_5-14iob6_firmware
m3gkt33a
lenovo/ideacentre_510s-07icb_firmware
m22kt47a
lenovo/ideacentre_510s-07icb_firmware
m22kt48a
lenovo/ideacentre_510s-07ick_firmware
m30kt26a
... and 40 more
Published
Jan 30, 2023
Tracked Since
Feb 18, 2026