CVE-2022-1891

 

  • Severity Score: 7.8 (CVSS v3.1)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

*Credits: Lenovo thanks Martin Smolár from ESET for reporting these issues.
CVSS Scores
Metric set 1:
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

Metric set 2:
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-05-25 CVE Reserved
  • 2023-01-23 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • CWE-122: Heap-based Buffer Overflow
Affected Vendors, Products, and Versions
Vendor      Product                            Version      Other   Status
Lenovo      Thinkbook 14-iml Firmware          < cjcn38ww   -       Affected
in Lenovo   Thinkbook 14-iml                   -            -       Safe
Lenovo      Thinkbook 14-iil Firmware          < djcn28ww   -       Affected
in Lenovo   Thinkbook 14-iil                   -            -       Safe
Lenovo      Thinkbook 15-iil Firmware          < djcn28ww   -       Affected
in Lenovo   Thinkbook 15-iil                   -            -       Safe
Lenovo      Thinkbook 15-iml Firmware          < cjcn38ww   -       Affected
in Lenovo   Thinkbook 15-iml                   -            -       Safe
Lenovo      Yoga C640-13iml Lte Firmware       < chcn28ww   -       Affected
in Lenovo   Yoga C640-13iml Lte                -            -       Safe
Lenovo      Yoga C640-13iml Firmware           < chcn28ww   -       Affected
in Lenovo   Yoga C640-13iml                    -            -       Safe