What is CVE-2022-40134?

CVE-2022-40134 is a medium-severity vulnerability in Lenovo Bios, classified under Out-of-bounds Read. CVSS score: 4.4/10. Published 2023-01-30.

How severe is CVE-2022-40134?

Medium severity. CVSS v3 base score is 4.4 out of 10.

Out-of-bounds Read in Lenovo Bios

CVE-2022-40134

An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

Vulnerability class: Buffer Overflow

EPSS: 0.002 (9.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.

Affected products

Lenovo Bios — versions various
Lenovo Ideacentre_3-07ada05
Lenovo Ideacentre_3-07ada05_firmware — versions o4fkt29a
Lenovo Ideacentre_3_07iab7
Lenovo Ideacentre_3_07iab7_firmware — versions m49kt1da
Lenovo Ideacentre_3-07imb05
Lenovo Ideacentre_3-07imb05_firmware — versions m2vkt1da
Lenovo Ideacentre_510s-07icb
Lenovo Ideacentre_510s-07icb_firmware — versions m22kt47a, m22kt48a
Lenovo Ideacentre_510s-07ick

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

References

psirt@lenovo.com (Vendor Advisory)

Frequently asked questions

What is CVE-2022-40134?: CVE-2022-40134 is a medium-severity vulnerability in Lenovo Bios, classified under Out-of-bounds Read. CVSS score: 4.4/10. Published 2023-01-30.
How severe is CVE-2022-40134?: Medium severity. CVSS v3 base score is 4.4 out of 10.