CVE-2022-40137

Summary

A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
LenovoBIOSvariousaffected

Weaknesses

  • CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References