What is CVE-2022-40135?

CVE-2022-40135 is a medium-severity vulnerability in Lenovo Bios, classified under Out-of-bounds Read. CVSS score: 4.4/10. Published 2023-01-30.

How severe is CVE-2022-40135?

Medium severity. CVSS v3 base score is 4.4 out of 10.

Out-of-bounds Read in Lenovo Bios

CVE-2022-40135

An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

Vulnerability class: Buffer Overflow

EPSS: 0.002 (9.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.

Affected products

Lenovo Bios — versions various
Lenovo Ideacentre_3-07ada05
Lenovo Ideacentre_3-07ada05_firmware
Lenovo Ideacentre_3_07iab7
Lenovo Ideacentre_3_07iab7_firmware
Lenovo Ideacentre_3-07imb05
Lenovo Ideacentre_3-07imb05_firmware
Lenovo Ideacentre_510-15ick
Lenovo Ideacentre_510-15ick_firmware
Lenovo Ideacentre_510a-15arr

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

References

psirt@lenovo.com (Vendor Advisory)

Frequently asked questions

What is CVE-2022-40135?: CVE-2022-40135 is a medium-severity vulnerability in Lenovo Bios, classified under Out-of-bounds Read. CVSS score: 4.4/10. Published 2023-01-30.
How severe is CVE-2022-40135?: Medium severity. CVSS v3 base score is 4.4 out of 10.