CVE-2022-4575
MEDIUM
Lenovo ThinkPad Firmware - Secure Boot Bypass via UEFI Variable Write Protection
Title source: llm
Description
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models that could allow an attacker with physical or local access and elevated privileges to bypass Secure Boot.
References (1)
Core References
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-106014
Scores
CVSS v3: 6.7
EPSS: 0.0001
EPSS Percentile: 0.3%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-276
Status: published
Products (13)
lenovo/thinkpad_25_firmware < 1.73
lenovo/thinkpad_l560_firmware < 1.62
lenovo/thinkpad_p50_firmware < 1.71
lenovo/thinkpad_p50s_firmware < 1.45
lenovo/thinkpad_p70_firmware < 2.45
lenovo/thinkpad_t470_firmware < 1.73
lenovo/thinkpad_t470s_firmware < 1.49
lenovo/thinkpad_t560_firmware < 1.45
lenovo/thinkpad_x1_carbon_4th_gen_firmware < 1.56
lenovo/thinkpad_x1_yoga_1st_gen_firmware < 1.56
... and 3 more
Published: Oct 30, 2023
Tracked Since: Feb 18, 2026