CVE-2022-48181
MEDIUMLenovo IdeaCentre Firmware - Stack-based Buffer Overflow in ErrorMessage Driver
Title source: llmDescription
An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.
References (1)
Core 1
Core References
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-124495
Scores
CVSS v3
6.7
EPSS
0.0004
EPSS Percentile
13.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-787
Status
published
Products (50)
lenovo/ideacentre_3-07ada05_firmware
< o4fkt35a
lenovo/ideacentre_3-07imb05_firmware
< m2vkt1ea
lenovo/ideacentre_3_07ach7_firmware
< m4mkt12a
lenovo/ideacentre_3_07iab7_firmware
< m49kt21a
lenovo/ideacentre_5-14acn6_firmware
< o5ekt24a
lenovo/ideacentre_5-14are05_firmware
< o4zkt2aa
lenovo/ideacentre_5-14imb05_firmware
< o4hkt3aa
lenovo/ideacentre_5-14iob6_firmware
< m3gkt3aa
lenovo/ideacentre_510s-07icb_firmware
< m22kt49a
lenovo/ideacentre_510s-07ick_firmware
< m30kt28a
... and 40 more
Published
Jun 05, 2023
Tracked Since
Feb 18, 2026