CVE-2022-40136 | Severity.io

Description

An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

Related CPE's

ideacentre_c5-14imb05_firmware

Vulnerable

ideacentre_c5-14imb05

thinkcentre_e96z_firmware

Vulnerable

thinkcentre_e96z

ideacentre_3_07iab7_firmware

Vulnerable

ideacentre_3_07iab7

ideacentre_3-07imb05_firmware

Vulnerable

ideacentre_3-07imb05

ideacentre_5_14iab7_firmware

Vulnerable

ideacentre_5_14iab7

ideacentre_5-14acn6_firmware

Vulnerable

ideacentre_5-14acn6

ideacentre_5-14imb05_firmware

Vulnerable

ideacentre_5-14imb05

ideacentre_5-14iob6_firmware

Vulnerable

ideacentre_5-14iob6

ideacentre_creator_5-14iob6_firmware

Vulnerable

ideacentre_creator_5-14iob6

ideacentre_g5-14imb05_firmware

Vulnerable

ideacentre_g5-14imb05

ideacentre_gaming_5_17acn7_firmware

Vulnerable

ideacentre_gaming_5_17acn7

ideacentre_gaming_5_17iab7_firmware

Vulnerable

ideacentre_gaming_5_17iab7

ideacentre_gaming_5-14acn6_firmware

Vulnerable

ideacentre_gaming_5-14acn6

ideacentre_gaming_5-14iob6_firmware

Vulnerable

ideacentre_gaming_5-14iob6

legion_c530-19icb_firmware

Vulnerable

legion_c530-19icb

legion_t5-26iob6_firmware

Vulnerable

legion_t5-26iob6

legion_t5-28icb05_firmware

Vulnerable

legion_t5-28icb05

legion_t530-28apr_firmware

Vulnerable

legion_t530-28apr

legion_t530-28icb_firmware

Vulnerable

legion_t530-28icb

legion_t7-34imz5_firmware

Vulnerable

legion_t7-34imz5

thinkcentre_m70q_gen_2_firmware

Vulnerable

thinkcentre_m70q_gen_2

thinkcentre_m710t_firmware

Vulnerable

thinkcentre_m710t

thinkcentre_m60e_tiny_firmware

Vulnerable

thinkcentre_m60e_tiny

thinkcentre_m625q_firmware

Vulnerable

thinkcentre_m625q

thinkcentre_m630e_firmware

Vulnerable

thinkcentre_m630e

thinkcentre_m70a_firmware

Vulnerable

thinkcentre_m70a

thinkcentre_m70a_gen_2_firmware

Vulnerable

thinkcentre_m70a_gen_2

thinkcentre_m70c_firmware

Vulnerable

thinkcentre_m70c

thinkcentre_m70q_firmware

Vulnerable

thinkcentre_m70q

thinkcentre_m70q_gen_3_firmware

Vulnerable

thinkcentre_m70q_gen_3

thinkcentre_m70s_gen_3_firmware

Vulnerable

thinkcentre_m70s_gen_3

thinkcentre_m70t_gen_3_firmware

Vulnerable

thinkcentre_m70t_gen_3

thinkcentre_m710e_firmware

Vulnerable

thinkcentre_m710e

thinkcentre_m710q_firmware

Vulnerable

thinkcentre_m710q

thinkcentre_m710s_firmware

Vulnerable

thinkcentre_m710s

thinkcentre_m715q_firmware

Vulnerable

thinkcentre_m715q

thinkcentre_m715t_firmware

Vulnerable

thinkcentre_m715t

thinkcentre_m720e_firmware

Vulnerable

thinkcentre_m720e

thinkcentre_m720q_firmware

Vulnerable

thinkcentre_m720q

thinkcentre_m720s_firmware

Vulnerable

thinkcentre_m720s

thinkcentre_m720t_firmware

Vulnerable

thinkcentre_m720t

thinkcentre_m725s_firmware

Vulnerable

thinkcentre_m725s

thinkcentre_m75n_firmware

Vulnerable

thinkcentre_m75n

thinkcentre_m75q_gen_2_firmware

Vulnerable

thinkcentre_m75q_gen_2

thinkcentre_m75q-1_firmware

Vulnerable

thinkcentre_m75q-1

thinkcentre_m75s_gen_2_firmware

Vulnerable

thinkcentre_m75s_gen_2

thinkcentre_m75s-1_firmware

Vulnerable

thinkcentre_m75s-1

thinkcentre_m75t_gen_2_firmware

Vulnerable

thinkcentre_m75t_gen_2

thinkcentre_m80q_firmware

Vulnerable

thinkcentre_m80q

thinkcentre_m810z_firmware

Vulnerable

thinkcentre_m810z

thinkcentre_m818z_firmware

Vulnerable

thinkcentre_m818z

thinkcentre_m820z_firmware

Vulnerable

thinkcentre_m820z

thinkcentre_m90a_firmware

Vulnerable

thinkcentre_m90a

thinkcentre_m90a_gen2_firmware

Vulnerable

thinkcentre_m90a_gen2

thinkcentre_m90q_gen_2_firmware

Vulnerable

thinkcentre_m90q_gen_2

thinkcentre_m90q_tiny_firmware

Vulnerable

thinkcentre_m90q_tiny

thinkcentre_m910q_firmware

Vulnerable

thinkcentre_m910q

thinkcentre_m910s_firmware

Vulnerable

thinkcentre_m910s

thinkcentre_m910t_firmware

Vulnerable

thinkcentre_m910t

thinkcentre_m910x_firmware

Vulnerable

thinkcentre_m910x

thinkcentre_m920q_firmware

Vulnerable

thinkcentre_m920q

thinkcentre_m920s_firmware

Vulnerable

thinkcentre_m920s

thinkcentre_m920t_firmware

Vulnerable

thinkcentre_m920t

thinkcentre_m920x_firmware

Vulnerable

thinkcentre_m920x

thinkcentre_neo_50s_gen_3_firmware

Vulnerable

thinkcentre_neo_50s_gen_3

thinkcentre_neo_50t_gen_3_firmware

Vulnerable

thinkcentre_neo_50t_gen_3

qitian_a815_firmware

Vulnerable

qt_m410_firmware

Vulnerable

qt_b415_firmware

Vulnerable

qt_m415_firmware

Vulnerable

ideacentre_t540-15ama_g_firmware

Vulnerable

ideacentre_t540-15ama_g

ideacentre_t540-15ick_firmware

Vulnerable

ideacentre_t540-15ick

thinkcentre_e75_t\/s_firmware

Vulnerable

thinkcentre_e75_t\/s

thinkcentre_m610_firmware

Vulnerable

thinkcentre_m610

thinkcentre_m6600q_firmware

Vulnerable

thinkcentre_m6600q

thinkcentre_m6600t_firmware

Vulnerable

thinkcentre_m6600t

thinkcentre_m6600s_firmware

Vulnerable

thinkcentre_m6600s

ideacentre_3-07ada05_firmware

Vulnerable

ideacentre_3-07ada05

ideacentre_5-14are05_firmware

Vulnerable

ideacentre_5-14are05

ideacentre_g5-14amr05_firmware

Vulnerable

ideacentre_g5-14amr05

thinkcentre_m90s_firmware

Vulnerable

thinkcentre_m90s

thinkcentre_m900x_firmware

Vulnerable

thinkcentre_m900x

thinkcentre_m900_firmware

Vulnerable

thinkcentre_m900

thinkcentre_m80t_firmware

Vulnerable

thinkcentre_m80t

thinkcentre_m80s_firmware

Vulnerable

thinkcentre_m80s

thinkcentre_m800_firmware

Vulnerable

thinkcentre_m800

thinkcentre_m70t_firmware

Vulnerable

thinkcentre_m70t

thinkcentre_m70s_firmware

Vulnerable

thinkcentre_m70s

ideacentre_510-15ick_firmware

Vulnerable

ideacentre_510-15ick

ideacentre_510a-15arr_firmware

Vulnerable

ideacentre_510a-15arr

ideacentre_510a-15ick_firmware

Vulnerable

ideacentre_510a-15ick

ideacentre_510s-07icb_firmware

Vulnerable

ideacentre_510s-07icb

ideacentre_510s-07ick_firmware

Vulnerable

ideacentre_510s-07ick

ideacentre_720-18apr_firmware

Vulnerable

ideacentre_720-18apr

ideacentre_a340-22igm_firmware

Vulnerable

ideacentre_a340-22igm

ideacentre_a340-24igm_firmware

Vulnerable

ideacentre_a340-24igm

v30a-22iml_firmware

Vulnerable

v30a-24iml_firmware

Vulnerable

v330-20icb_firmware

Vulnerable

v35s-07ada_firmware

Vulnerable

v50a-22imb_firmware

Vulnerable

v50a-24imb_firmware

Vulnerable

v50s-07imb_firmware

Vulnerable

v50t-13imb_firmware

Vulnerable

v50t-13iob_g2_firmware

Vulnerable

Vulnerable

Vulnerable

v530-15arr_firmware

Vulnerable

o

lenovo

v530-15icb_firmware

2

h

lenovo

v530-15icb

2

v530-15icr_firmware

Vulnerable

v530-22icb_firmware

Vulnerable

v530-24icb_firmware

Vulnerable

v530s-07icb_firmware

Vulnerable

v530s-07icr_firmware

Vulnerable

v540-24iwl_firmware

Vulnerable

v55t_gen_2_13acn_firmware

Vulnerable

v55t_gen_2_13acn

v55t-15api_firmware

Vulnerable

v55t-15are_firmware

Vulnerable

yangtian_afq150_firmware

Vulnerable

yangtian_afq150

yta8900f_firmware

Vulnerable

yoga_a940-27icb_firmware

Vulnerable

yoga_a940-27icb

thinkedge_se30_firmware

Vulnerable

thinksmart_core_\&_controller_full_room_kit\

_microsoft_teams_rooms_firmware

Vulnerable

thinksmart_core_\&_controller_full_room_kit\

_microsoft_teams_rooms

thinksmart_core_\&_controller_full_room_kit\

_zoom_rooms_firmware

Vulnerable

thinksmart_core_\&_controller_full_room_kit\

thinksmart_core_\&_controller_kit\

_microsoft_teams_rooms_firmware

Vulnerable

thinksmart_core_\&_controller_kit\

_microsoft_teams_rooms

thinksmart_core_\&_controller_kit\

_zoom_rooms_firmware

Vulnerable

thinksmart_core_\&_controller_kit\

thinksmart_core_device_for_logitech_firmware

Vulnerable

thinksmart_core_device_for_logitech

thinksmart_core_device_for_poly_firmware

Vulnerable

thinksmart_core_device_for_poly

thinksmart_core_device\

_zoom_rooms_firmware

Vulnerable

thinksmart_core_device\

thinksmart_hub_teams_firmware

Vulnerable

thinksmart_hub_teams

thinksmart_hub_zoom_firmware

Vulnerable

thinksmart_hub_zoom

thinkstation_p310_firmware

Vulnerable

thinkstation_p310

thinkstation_p320_tiny_firmware

Vulnerable

thinkstation_p320_tiny

thinkstation_p330_tiny_firmware

Vulnerable

thinkstation_p330_tiny

thinkstation_p340_tiny_firmware

Vulnerable

thinkstation_p340_tiny

thinkstation_p340_firmware

Vulnerable

thinkstation_p340

thinkstation_p348_firmware

Vulnerable

thinkstation_p348

thinkstation_p350_tiny_firmware

Vulnerable

thinkstation_p350_tiny

thinkstation_p350_firmware

Vulnerable

thinkstation_p350

thinkstation_p520_firmware

Vulnerable

thinkstation_p520

thinkstation_p520c_firmware

Vulnerable

thinkstation_p520c

thinkstation_p620_firmware

Vulnerable

thinkstation_p620

stadia_ggp-120_firmware

Vulnerable

thinkstation_p318_firmware

Vulnerable

thinkstation_p318

thinkstation_p920_firmware

Vulnerable

thinkstation_p920

thinkstation_p720_firmware

Vulnerable

thinkstation_p720

thinkstation_p320_firmware

Vulnerable

thinkstation_p320

thinksystem_st50_firmware

Vulnerable

thinksystem_st50

thinksystem_st58_firmware

Vulnerable

thinksystem_st58

References

https://support.lenovo.com/us/en/product_security/LEN-94953

Vendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-94953

Vendor Advisory

Weaknesses

[email protected]

Secondary

CWE-125

[email protected]

Primary

CWE-125

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.4 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-01-30T21:15:12.320Z

2 years ago

Last modified

2024-11-21T06:20:56.740Z

1 year ago