CVE-2022-40136 | ByteOS Network

Vulnerability Details :

CVE-2022-40136

Assigner-lenovo

Assigner Org ID-da227ddf-6e25-4b41-b023-0f976dcaca4b

Published At-30 Jan, 2023 | 21:20

Updated At-27 Mar, 2025 | 15:25

An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:lenovo

Assigner Org ID:da227ddf-6e25-4b41-b023-0f976dcaca4b

Published At:30 Jan, 2023 | 21:20

Updated At:27 Mar, 2025 | 15:25

▼CVE Numbering Authority (CNA)

An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

Affected Products

Vendor

Lenovo Group Limited

Product

Default Status

unaffected

Versions

Affected

various

Problem Types

Type	CWE ID	Description
CWE	CWE-125	CWE-125 Out-of-bounds Read

Type: CWE

CWE ID: CWE-125

Description: CWE-125 Out-of-bounds Read

Metrics

Version	Base score	Base severity	Vector
3.1	4.4	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Version: 3.1

Base score: 4.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Solutions

Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-94953.

References

Hyperlink	Resource
https://support.lenovo.com/us/en/product_security/LEN-94953	N/A

Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-94953

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://support.lenovo.com/us/en/product_security/LEN-94953	x_transferred

Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-94953

Resource:

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

Source:psirt@lenovo.com

Published At:30 Jan, 2023 | 22:15

Updated At:15 Feb, 2023 | 15:48

An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.4	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Secondary	3.1	4.4	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Type: Primary

Version: 3.1

Base score: 4.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 4.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CPE Matches

Lenovo Group Limited

>>ideacentre_c5-14imb05_firmware>>Versions before o4hkt38a(exclusive)

cpe:2.3:o:lenovo:ideacentre_c5-14imb05_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_c5-14imb05>>-

cpe:2.3:h:lenovo:ideacentre_c5-14imb05:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkcentre_e96z_firmware>>Versions before m26kt22a(exclusive)

cpe:2.3:o:lenovo:thinkcentre_e96z_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkcentre_e96z>>-

cpe:2.3:h:lenovo:thinkcentre_e96z:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_3_07iab7_firmware>>Versions before m49kt1da(exclusive)

cpe:2.3:o:lenovo:ideacentre_3_07iab7_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_3_07iab7>>-

cpe:2.3:h:lenovo:ideacentre_3_07iab7:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_3-07imb05_firmware>>Versions before m2vkt1da(exclusive)

cpe:2.3:o:lenovo:ideacentre_3-07imb05_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_3-07imb05>>-

cpe:2.3:h:lenovo:ideacentre_3-07imb05:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_5_14iab7_firmware>>Versions before m42kt40a(exclusive)

cpe:2.3:o:lenovo:ideacentre_5_14iab7_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_5_14iab7>>-

cpe:2.3:h:lenovo:ideacentre_5_14iab7:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_5-14acn6_firmware>>Versions before o5ekt21a(exclusive)

cpe:2.3:o:lenovo:ideacentre_5-14acn6_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_5-14acn6>>-

cpe:2.3:h:lenovo:ideacentre_5-14acn6:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_5-14imb05_firmware>>Versions before o4hkt38a(exclusive)

cpe:2.3:o:lenovo:ideacentre_5-14imb05_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_5-14imb05>>-

cpe:2.3:h:lenovo:ideacentre_5-14imb05:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_5-14iob6_firmware>>Versions before m3gkt33a(exclusive)

cpe:2.3:o:lenovo:ideacentre_5-14iob6_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_5-14iob6>>-

cpe:2.3:h:lenovo:ideacentre_5-14iob6:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_creator_5-14iob6_firmware>>Versions up to m3gkt33a(inclusive)

cpe:2.3:o:lenovo:ideacentre_creator_5-14iob6_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_creator_5-14iob6>>-

cpe:2.3:h:lenovo:ideacentre_creator_5-14iob6:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_g5-14imb05_firmware>>Versions before o4hkt38a(exclusive)

cpe:2.3:o:lenovo:ideacentre_g5-14imb05_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_g5-14imb05>>-

cpe:2.3:h:lenovo:ideacentre_g5-14imb05:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_gaming_5_17acn7_firmware>>Versions before o5ekt21a(exclusive)

cpe:2.3:o:lenovo:ideacentre_gaming_5_17acn7_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_gaming_5_17acn7>>-

cpe:2.3:h:lenovo:ideacentre_gaming_5_17acn7:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_gaming_5_17iab7_firmware>>Versions before m42kt40a(exclusive)

cpe:2.3:o:lenovo:ideacentre_gaming_5_17iab7_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_gaming_5_17iab7>>-

cpe:2.3:h:lenovo:ideacentre_gaming_5_17iab7:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_gaming_5-14acn6_firmware>>Versions before o5ekt21a(exclusive)

cpe:2.3:o:lenovo:ideacentre_gaming_5-14acn6_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_gaming_5-14acn6>>-

cpe:2.3:h:lenovo:ideacentre_gaming_5-14acn6:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_gaming_5-14iob6_firmware>>Versions before m3gkt33a(exclusive)

cpe:2.3:o:lenovo:ideacentre_gaming_5-14iob6_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>ideacentre_gaming_5-14iob6>>-

cpe:2.3:h:lenovo:ideacentre_gaming_5-14iob6:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>legion_c530-19icb_firmware>>Versions before o4bkt20a(exclusive)

cpe:2.3:o:lenovo:legion_c530-19icb_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>legion_c530-19icb>>-

cpe:2.3:h:lenovo:legion_c530-19icb:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>legion_t5-26iob6_firmware>>Versions before o54kt1da(exclusive)

cpe:2.3:o:lenovo:legion_t5-26iob6_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>legion_t5-26iob6>>-

cpe:2.3:h:lenovo:legion_t5-26iob6:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>legion_t5-28icb05_firmware>>Versions before o4bkt20a(exclusive)

cpe:2.3:o:lenovo:legion_t5-28icb05_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>legion_t5-28icb05>>-

cpe:2.3:h:lenovo:legion_t5-28icb05:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>legion_t530-28apr_firmware>>Versions before o4gkt16a(exclusive)

cpe:2.3:o:lenovo:legion_t530-28apr_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>legion_t530-28apr>>-

cpe:2.3:h:lenovo:legion_t530-28apr:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>legion_t530-28icb_firmware>>Versions before o4bkt20a(exclusive)

cpe:2.3:o:lenovo:legion_t530-28icb_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>legion_t530-28icb>>-

cpe:2.3:h:lenovo:legion_t530-28icb:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>legion_t7-34imz5_firmware>>Versions before o4lkt1ea(exclusive)

cpe:2.3:o:lenovo:legion_t7-34imz5_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>legion_t7-34imz5>>-

cpe:2.3:h:lenovo:legion_t7-34imz5:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkcentre_m70q_gen_2_firmware>>Versions before m2wkt57a(exclusive)

cpe:2.3:o:lenovo:thinkcentre_m70q_gen_2_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkcentre_m70q_gen_2>>-

cpe:2.3:h:lenovo:thinkcentre_m70q_gen_2:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkcentre_m710t_firmware>>Versions before m16kt68a(exclusive)

cpe:2.3:o:lenovo:thinkcentre_m710t_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkcentre_m710t>>-

cpe:2.3:h:lenovo:thinkcentre_m710t:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkcentre_m60e_tiny_firmware>>Versions before m3skt21a(exclusive)

cpe:2.3:o:lenovo:thinkcentre_m60e_tiny_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkcentre_m60e_tiny>>-

cpe:2.3:h:lenovo:thinkcentre_m60e_tiny:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkcentre_m625q_firmware>>Versions before m1wkt45a(exclusive)

cpe:2.3:o:lenovo:thinkcentre_m625q_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkcentre_m625q>>-

cpe:2.3:h:lenovo:thinkcentre_m625q:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkcentre_m630e_firmware>>Versions before m28kt37a(exclusive)

cpe:2.3:o:lenovo:thinkcentre_m630e_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkcentre_m630e>>-

cpe:2.3:h:lenovo:thinkcentre_m630e:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-125	Primary	nvd@nist.gov
CWE-125	Secondary	psirt@lenovo.com

CWE ID: CWE-125

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-125

Type: Secondary

Source: psirt@lenovo.com

References

Hyperlink	Source	Resource
https://support.lenovo.com/us/en/product_security/LEN-94953	psirt@lenovo.com	Vendor Advisory

Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-94953

Source: psirt@lenovo.com

Resource:

Vendor Advisory