CVE-2022-48188
MEDIUM
Lenovo IdeaCentre AIO 3 and ThinkCentre Firmware - Out-of-bounds Write
Title source: llm
Description
A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.
References (1)
Core References
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-124495
Scores
CVSS v3
6.7
EPSS
0.0004
EPSS Percentile
13.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-787
Status
published
Products (27)
lenovo/ideacentre_510s-07icb_firmware
< m22kt48a
lenovo/ideacentre_510s-07ick_firmware
< m30kt28a
lenovo/ideacentre_720-18apr_firmware
< m25kt63a
lenovo/ideacentre_aio_3-22itl6_firmware
< o5akt33
lenovo/ideacentre_aio_3-24itl6_firmware
< o5akt33
lenovo/ideacentre_aio_3-27itl6_firmware
< o5akt33
lenovo/ideacentre_aio_3_21itl7_firmware
< o5akt33
lenovo/thinkcentre_m720e_firmware
< m1zkt40a
lenovo/thinkcentre_m720q_firmware
< m1ukt70a
lenovo/thinkcentre_m720s_firmware
< m1ukt70a
... and 17 more
Published
Jun 05, 2023
Tracked Since
Feb 18, 2026