What is CVE-2022-48188?

CVE-2022-48188 is a medium-severity vulnerability in Lenovo Ideacentre_510s-07icb, classified under Out-of-bounds Write. CVSS score: 6.7/10. Published 2023-06-05.

How severe is CVE-2022-48188?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Buffer overflow in Lenovo Ideacentre_510s-07icb

CVE-2022-48188

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.

Vulnerability class: Buffer Overflow

EPSS: 0.002 (9.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Lenovo Ideacentre_510s-07icb
Lenovo Ideacentre_510s-07icb_firmware
Lenovo Ideacentre_510s-07ick
Lenovo Ideacentre_510s-07ick_firmware
Lenovo Ideacentre_720-18apr
Lenovo Ideacentre_720-18apr_firmware
Lenovo Ideacentre_aio_3_21itl7
Lenovo Ideacentre_aio_3_21itl7_firmware
Lenovo Ideacentre_aio_3-22itl6
Lenovo Ideacentre_aio_3-22itl6_firmware

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

psirt@lenovo.com (Vendor Advisory)

Frequently asked questions

What is CVE-2022-48188?: CVE-2022-48188 is a medium-severity vulnerability in Lenovo Ideacentre_510s-07icb, classified under Out-of-bounds Write. CVSS score: 6.7/10. Published 2023-06-05.
How severe is CVE-2022-48188?: Medium severity. CVSS v3 base score is 6.7 out of 10.