CVSS: 4.4EPSS: 0%CPEs: 300EXPL: 0CVE-2022-40136
https://notcve.org/view.php?id=CVE-2022-40136
An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. • https://support.lenovo.com/us/en/product_security/LEN-94953 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 278EXPL: 0CVE-2022-40135
https://notcve.org/view.php?id=CVE-2022-40135
An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. • https://support.lenovo.com/us/en/product_security/LEN-94953 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 673EXPL: 0CVE-2022-40134
https://notcve.org/view.php?id=CVE-2022-40134
An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. • https://support.lenovo.com/us/en/product_security/LEN-94953 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 88EXPL: 0CVE-2022-3430
https://notcve.org/view.php?id=CVE-2022-3430
A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. Una vulnerabilidad potencial en el controlador de configuración WMI en algunos dispositivos portátiles Lenovo Notebook puede permitir que un atacante con privilegios elevados modifique la configuración de arranque seguro modificando una variable NVRAM. • https://support.lenovo.com/us/en/product_security/LEN-94952 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 142EXPL: 0CVE-2022-1892
https://notcve.org/view.php?id=CVE-2022-1892
A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-91369 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •