CVE-2022-40136
MEDIUMLenovo Ideacentre C5-14imb05 Firmware < o4hkt38a - Out-of-Bounds Read
Title source: ruleDescription
An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
References (1)
Core 1
Core References
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-94953
Scores
CVSS v3
4.4
EPSS
0.0005
EPSS Percentile
15.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-125
Status
published
Products (50)
lenovo/ideacentre_3-07ada05_firmware
< o4fkt29a
lenovo/ideacentre_3-07imb05_firmware
< m2vkt1da
lenovo/ideacentre_3_07iab7_firmware
< m49kt1da
lenovo/ideacentre_5-14acn6_firmware
< o5ekt21a
lenovo/ideacentre_5-14are05_firmware
< o4zkt29a
lenovo/ideacentre_5-14imb05_firmware
< o4hkt38a
lenovo/ideacentre_5-14iob6_firmware
< m3gkt33a
lenovo/ideacentre_510-15ick_firmware
< o4kkt16a
lenovo/ideacentre_510a-15arr_firmware
< o4dkt43a
lenovo/ideacentre_510a-15ick_firmware
< o4kkt16a
... and 40 more
Published
Jan 30, 2023
Tracked Since
Feb 18, 2026