CVE-2022-40135
MEDIUMLenovo IdeaCentre and ThinkCentre Firmware - Information Leak via Smart USB Protection SMI Handler
Title source: llmDescription
An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
References (1)
Core 1
Core References
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-94953
Scores
CVSS v3
4.4
EPSS
0.0020
EPSS Percentile
9.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-125
Status
published
Products (50)
lenovo/ideacentre_3-07ada05_firmware
< o4fkt29a
lenovo/ideacentre_3-07imb05_firmware
< m2vkt1da
lenovo/ideacentre_3_07iab7_firmware
< m49kt1da
lenovo/ideacentre_5-14acn6_firmware
< o5ekt21a
lenovo/ideacentre_5-14are05_firmware
< o4zkt29a
lenovo/ideacentre_5-14imb05_firmware
< o4hkt38a
lenovo/ideacentre_5-14iob6_firmware
< m3gkt33a
lenovo/ideacentre_510-15ick_firmware
< o4kkt16a
lenovo/ideacentre_510a-15arr_firmware
< o4dkt43a
lenovo/ideacentre_510a-15ick_firmware
< o4kkt16a
... and 40 more
Published
Jan 30, 2023
Tracked Since
Feb 18, 2026