What is CVE-2022-1107?

CVE-2022-1107 is a medium-severity vulnerability in Lenovo Thinkpad Bios, classified under Improper Input Validation. CVSS score: 6.7/10. Published 2022-04-22.

How severe is CVE-2022-1107?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Improper input validation in Lenovo Thinkpad Bios

CVE-2022-1107

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could all…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.000 (9.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Lenovo Thinkpad Bios — versions various

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

support.lenovo.com/us/en/product_security/LEN-84943 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-1107?: CVE-2022-1107 is a medium-severity vulnerability in Lenovo Thinkpad Bios, classified under Improper Input Validation. CVSS score: 6.7/10. Published 2022-04-22.
How severe is CVE-2022-1107?: Medium severity. CVSS v3 base score is 6.7 out of 10.