CVE & CISA-KEV Catalog

CVE-2022-1107

MEDIUM
6.7
CVSS v3
NVD

Description

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

How to fix

Remediation Available
thinkpad 11e firmwareNVD
Affected:< n15et78wFixed in:n15et78wCVE-2022-1107derived from NVD
thinkpad 11e yoga firmwareNVD
Affected:< n15et78wFixed in:n15et78wCVE-2022-1107derived from NVD
thinkpad helix firmwareNVD
Affected:< n17eta8wFixed in:n17eta8wCVE-2022-1107derived from NVD
thinkpad l560 firmwareNVD
Affected:< n1het85wFixed in:n1het85wCVE-2022-1107derived from NVD
thinkpad l570 firmwareNVD
Affected:< n1xet65wFixed in:n1xet65wCVE-2022-1107derived from NVD
thinkpad p50s firmwareNVD
Affected:< n1ket46wFixed in:n1ket46wCVE-2022-1107derived from NVD
thinkpad p51s firmwareNVD
Affected:< n1vet50wFixed in:n1vet50wCVE-2022-1107derived from NVD
thinkpad p52s firmwareNVD
Affected:< n27et36wFixed in:n27et36wCVE-2022-1107derived from NVD
thinkpad s540 firmwareNVD
Affected:< gpet80wwFixed in:gpet80wwCVE-2022-1107derived from NVD
thinkpad t550 firmwareNVD
Affected:< n11et50wFixed in:n11et50wCVE-2022-1107derived from NVD
thinkpad t560 firmwareNVD
Affected:< n1ket46wFixed in:n1ket46wCVE-2022-1107derived from NVD
thinkpad t570 firmwareNVD
Affected:< n1vet50wFixed in:n1vet50wCVE-2022-1107derived from NVD
thinkpad t580 firmwareNVD
Affected:< n27et36wFixed in:n27et36wCVE-2022-1107derived from NVD
thinkpad w540 firmwareNVD
Affected:< gnet92wwFixed in:gnet92wwCVE-2022-1107derived from NVD
thinkpad w541 firmwareNVD
Affected:< gnet92wwFixed in:gnet92wwCVE-2022-1107derived from NVD
thinkpad w550s firmwareNVD
Affected:< n11et50wFixed in:n11et50wCVE-2022-1107derived from NVD
thinkpad x1 carbon 3rd gen firmwareNVD
Affected:< n14et52wFixed in:n14et52wCVE-2022-1107derived from NVD
thinkpad x1 carbon 4th gen firmwareNVD
Affected:< n1fet70wFixed in:n1fet70wCVE-2022-1107derived from NVD
thinkpad x1 carbon 5th gen kabylake firmwareNVD
Affected:< n1met55wFixed in:n1met55wCVE-2022-1107derived from NVD
thinkpad x1 carbon 5th gen skylake firmwareNVD
Affected:< n1met55wFixed in:n1met55wCVE-2022-1107derived from NVD
thinkpad x1 tablet gen 1 firmwareNVD
Affected:< n1let86wFixed in:n1let86wCVE-2022-1107derived from NVD
thinkpad x1 tablet gen 2 firmwareNVD
Affected:< n1oet50wFixed in:n1oet50wCVE-2022-1107derived from NVD
thinkpad x1 yoga firmwareNVD
Affected:< n1fet70wFixed in:n1fet70wCVE-2022-1107derived from NVD
thinkpad x1 yoga gen 2 firmwareNVD
Affected:< n1net47wFixed in:n1net47wCVE-2022-1107derived from NVD
thinkpad x1 yoga gen 3 firmwareNVD
Affected:< n25et50wFixed in:n25et50wCVE-2022-1107derived from NVD
thinkpad x250 firmwareNVD
Affected:< n10et58wFixed in:n10et58wCVE-2022-1107derived from NVD
thinkpad x280 firmwareNVD
Affected:< n20et44wFixed in:n20et44wCVE-2022-1107derived from NVD
thinkpad x390 firmwareNVD
Affected:< n2let60wFixed in:n2let60wCVE-2022-1107derived from NVD
thinkpad yoga 15 firmwareNVD
Affected:< n19et61wFixed in:n19et61wCVE-2022-1107derived from NVD
thinkpad yoga 260 firmwareNVD
Affected:< n1get98wFixed in:n1get98wCVE-2022-1107derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

0.25%probability of exploitation in 30 days
17thpercentile

Low risk: more likely to be exploited than 17% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-20 (Improper Input Validation) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2024-3400Critical10.0100%KEV + Ransom-
CVE-2021-45105Medium5.9100%-Fix
CVE-2021-44228Critical10.0100%KEV + RansomFix
CVE-2021-21985Critical9.8100%KEV + RansomFix
CVE-2018-7600Critical9.8100%KEV + RansomFix
CVE-2020-3452High7.5100%KEVFix
Embed a live status badge for CVE-2022-1107
CVE-2022-1107 severity badge

Markdown

[![CVE-2022-1107](https://tridentstack.com/cve/badge/CVE-2022-1107.svg)](https://tridentstack.com/cve/CVE-2022-1107)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-1107"><img src="https://tridentstack.com/cve/badge/CVE-2022-1107.svg" alt="CVE-2022-1107"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.