CVE-2022-3432

Summary

A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Affected Software

VendorProductVersion RangeStatus
LenovoBIOSvariousaffected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References