CVE-2022-3745
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
23/08/2023
Last modified:
29/08/2023
Description
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI.
Impact
Base Score 3.x
4.40
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:lenovo:ideapad_1_14iau7_firmware:*:*:*:*:*:*:*:* | jkcn34ww (excluding) | |
| cpe:2.3:h:lenovo:ideapad_1_14iau7:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:lenovo:ideapad_1_14igl7_firmware:*:*:*:*:*:*:*:* | kkcn15ww (excluding) | |
| cpe:2.3:h:lenovo:ideapad_1_14igl7:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:lenovo:ideapad_1_15iau7_firmware:*:*:*:*:*:*:*:* | jkcn34ww (excluding) | |
| cpe:2.3:h:lenovo:ideapad_1_15iau7:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:lenovo:ideapad_1_15igl7_firmware:*:*:*:*:*:*:*:* | kkcn15ww (excluding) | |
| cpe:2.3:h:lenovo:ideapad_1_15igl7:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:lenovo:ideapad_1-14ijl7_firmware:*:*:*:*:*:*:*:* | htcn31ww (excluding) | |
| cpe:2.3:h:lenovo:ideapad_1-14ijl7:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:lenovo:ideapad_1-15ijl7_firmware:*:*:*:*:*:*:*:* | htcn31ww (excluding) | |
| cpe:2.3:h:lenovo:ideapad_1-15ijl7:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:lenovo:ideapad_3_14iau7_firmware:*:*:*:*:*:*:*:* | jkcn34ww (excluding) | |
| cpe:2.3:h:lenovo:ideapad_3_14iau7:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:lenovo:ideapad_3_15iau7_firmware:*:*:*:*:*:*:*:* | jkcn34ww (excluding) |
To consult the complete list of CPE names with products and versions, see this page