CVE-2022-48188

Home/CVE/A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could al

CVE

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could al

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.

MEDIUM · CVSS 6.7 EPSS 0.00043

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-787Out-of-bounds Write

▤

Affected Products & Versions

lenovo ideacentre aio 3 21itl7 firmware< o5akt33
lenovo ideacentre aio 3-22itl6 firmware< o5akt33
lenovo ideacentre aio 3-24itl6 firmware< o5akt33
lenovo ideacentre aio 3-27itl6 firmware< o5akt33
lenovo thinkcentre m720e firmware< m1zkt40a
lenovo thinkcentre m720q firmware< m1ukt70a
lenovo thinkcentre m720s firmware< m1ukt70a
lenovo thinkcentre m720t firmware< m1ukt70a
Show all 31 affected productslenovo thinkcentre m725s firmware< m25kt63a
lenovo thinkcentre m75s gen 2 firmware< m46kt30a
lenovo thinkcentre m75s gen 2 firmware< m3bkt30a
lenovo thinkcentre m75t gen 2 firmware< m46kt30a
lenovo thinkcentre m75t gen 2 firmware< m3akt4ca
lenovo thinkcentre m920q firmware< m1ukt70a
lenovo thinkcentre m920s firmware< m1ukt70a
lenovo thinkcentre m920t firmware< m1ukt70a
lenovo thinkcentre m920x firmware< m1ukt70a
lenovo thinkcentre m920z firmware< m1mkt55a
lenovo ideacentre 510s-07icb firmware< m22kt48a
lenovo ideacentre 510s-07icb firmware< m22kt49a
lenovo ideacentre 510s-07ick firmware< m30kt28a
lenovo ideacentre 510s-07ick firmware< m1zkt40a
lenovo ideacentre 720-18apr firmware< m25kt63a
lenovo v30a-22itl firmware< o5akt33
lenovo v30a-24itl firmware< o5akt33
lenovo v530s-07icb firmware< m22kt49a
lenovo v530s-07icr firmware< m1zkt40a
lenovo thinkstation p330 tiny firmware< m1ukt70a
lenovo thinkstation p360 ultra firmware< s0fkt27a
lenovo thinkstation p520 firmware< s03kt58a
lenovo thinkstation p520c firmware< s03kt58a

▣

Scoring & Timeline

6.7

MEDIUM · CVSS v3.1 · psirt@lenovo.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD05 Jun 2023 · 10:15 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

SSVC triage · cisa-vulnrichment

Exploitation

none

Automatable

Technical impact

total

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://support.lenovo.com/us/en/product_security/LEN-124495Vendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin