Lenovo released a security advisory (LEN-106014) for an SMM driver input validation vulnerability in the BIOS of some ThinkPad models. Identified as CVE-2022-48189, this vulnerability represents a substantial threat, as it can result in an attacker with local access and elevated privileges to execute arbitrary code.
To safeguard against this risk, it is imperative to act and implement the recommended security measures – Update system firmware.
CVE-2022-48189
Identified as CVE-2022-48189, this significant security flaw has been categorized as a high-severity issue by Lenovo. This flaw poses a critical threat to the industry as it introduces vulnerabilities that could potentially lead to unauthorised access and arbitrary code execution.
The impacted products encompass laptops within the ThinkPad series. Please follow this link https://support.lenovo.com/us/en/product_security/LEN-106014#ThinkPad to view the complete list of affected products.
In summary, Lenovo has classified this as a high-level vulnerability. It exclusively impacts the BIOS of the ThinkPad series. Should you find yourself affected, we strongly urge you to consult the references provided for detailed mitigation strategies. If you have any inquiries or apprehensions, kindly refer to the “Contact Us” section for further assistance and information.
If you have any questions or require further information on any other cybersecurity matters, please don’t hesitate to contact our dedicated team at [email protected].
If you want to see more about the SOC service we offer, please follow this link https://maidar.io.
To ask a question, go to our support portal.
Or Opt-In to our Threat Advisory Services here.
