CVE-2022-4435

Опубликовано: 05 янв. 2023

Источник: nvd

CVSS3: 6.7

CVSS3: 4.4

EPSS Низкий

Описание

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

Ссылки

https://support.lenovo.com/us/en/product_security/LEN-103709
Patch
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-103709
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:lenovo:thinkpad_x13s_firmware:*:*:*:*:*:*:*:*

Версия до 1.47 (исключая)

cpe:2.3:h:lenovo:thinkpad_x13s:-:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00139

Низкий

6.7 Medium

CVSS3

4.4 Medium

CVSS3

Дефекты

CWE-126

CWE-125

Связанные уязвимости

GHSA-h3fq-3f4x-hmfh

CVSS3: 4.4

github

около 3 лет назад

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

EPSS

Процентиль: 34%

0.00139

Низкий

6.7 Medium

CVSS3

4.4 Medium

CVSS3

Дефекты

CWE-126

CWE-125