A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.
References
| Link | Resource |
|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-106014 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
History
08 Nov 2023, 00:24
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://support.lenovo.com/us/en/product_security/LEN-106014 - Vendor Advisory | |
| First Time |
Lenovo thinkpad Yoga 260
Lenovo thinkpad X260 Firmware Lenovo thinkpad 25 Firmware Lenovo thinkpad X1 Carbon 4th Gen Firmware Lenovo thinkpad T560 Firmware Lenovo thinkpad T470s Firmware Lenovo thinkpad X1 Yoga 1st Gen Firmware Lenovo thinkpad L560 Firmware Lenovo thinkpad X260 Lenovo thinkpad P50s Lenovo Lenovo thinkpad T470 Firmware Lenovo thinkpad X1 Carbon 4th Gen Lenovo thinkpad L560 Lenovo thinkpad P50 Firmware Lenovo thinkpad T560 Lenovo thinkpad P50 Lenovo thinkpad Yoga 260 Firmware Lenovo thinkpad P50s Firmware Lenovo thinkpad T470 Lenovo thinkpad X1 Yoga 1st Gen Lenovo thinkpad P70 Firmware Lenovo thinkpad 25 Lenovo thinkpad T470s Lenovo thinkpad X270 Firmware Lenovo thinkpad P70 Lenovo thinkpad X270 |
|
| CPE | cpe:2.3:o:lenovo:thinkpad_x260_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x270:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l560:-:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_l560_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_p70_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_p50_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t470:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_yoga_1st_gen:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p70:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t470s:-:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_x270_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_25:-:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_t470s_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x260:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_carbon_4th_gen:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p50:-:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_p50s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_x1_yoga_1st_gen_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p50s:-:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_t560_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_t470_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_yoga_260_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_25_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t560:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_yoga_260:-:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_x1_carbon_4th_gen_firmware:*:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
30 Oct 2023, 15:28
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-10-30 15:15
Updated : 2023-11-08 00:24
NVD link : CVE-2022-4575
Mitre link : CVE-2022-4575
JSON object : View
Products Affected
lenovo
- thinkpad_25
- thinkpad_x260_firmware
- thinkpad_x270
- thinkpad_x1_carbon_4th_gen
- thinkpad_25_firmware
- thinkpad_p50s
- thinkpad_p50
- thinkpad_t470_firmware
- thinkpad_x260
- thinkpad_x1_yoga_1st_gen
- thinkpad_l560
- thinkpad_yoga_260_firmware
- thinkpad_t470s_firmware
- thinkpad_p50s_firmware
- thinkpad_t560_firmware
- thinkpad_p50_firmware
- thinkpad_t470s
- thinkpad_t560
- thinkpad_t470
- thinkpad_l560_firmware
- thinkpad_p70_firmware
- thinkpad_x1_yoga_1st_gen_firmware
- thinkpad_yoga_260
- thinkpad_x270_firmware
- thinkpad_p70
- thinkpad_x1_carbon_4th_gen_firmware
CWE
CWE-276
Incorrect Default Permissions