CVE & CISA-KEV Catalog

CVE-2022-40136

MEDIUM
4.4
CVSS v3
NVD

Description

An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

How to fix

Remediation Available
ideacentre 3-07ada05 firmwareNVD
Affected:< o4fkt29aFixed in:o4fkt29aCVE-2022-40136derived from NVD
ideacentre 3-07imb05 firmwareNVD
Affected:< m2vkt1daFixed in:m2vkt1daCVE-2022-40136derived from NVD
ideacentre 3 07iab7 firmwareNVD
Affected:< m49kt1daFixed in:m49kt1daCVE-2022-40136derived from NVD
ideacentre 5-14acn6 firmwareNVD
Affected:< o5ekt21aFixed in:o5ekt21aCVE-2022-40136derived from NVD
ideacentre 5-14are05 firmwareNVD
Affected:< o4zkt29aFixed in:o4zkt29aCVE-2022-40136derived from NVD
ideacentre 5-14imb05 firmwareNVD
Affected:< o4hkt38aFixed in:o4hkt38aCVE-2022-40136derived from NVD
ideacentre 5-14iob6 firmwareNVD
Affected:< m3gkt33aFixed in:m3gkt33aCVE-2022-40136derived from NVD
ideacentre 510-15ick firmwareNVD
Affected:< o4kkt16aFixed in:o4kkt16aCVE-2022-40136derived from NVD
ideacentre 510a-15arr firmwareNVD
Affected:< o4dkt43aFixed in:o4dkt43aCVE-2022-40136derived from NVD
ideacentre 510a-15ick firmwareNVD
Affected:< o4kkt16aFixed in:o4kkt16aCVE-2022-40136derived from NVD
ideacentre 510s-07icb firmwareNVD
Affected:< m22kt47aFixed in:m22kt47aCVE-2022-40136derived from NVD
ideacentre 510s-07ick firmwareNVD
Affected:< m30kt26aFixed in:m30kt26aCVE-2022-40136derived from NVD
ideacentre 5 14iab7 firmwareNVD
Affected:< m42kt40aFixed in:m42kt40aCVE-2022-40136derived from NVD
ideacentre 720-18apr firmwareNVD
Affected:< m25kt61aFixed in:m25kt61aCVE-2022-40136derived from NVD
ideacentre a340-22igm firmwareNVD
Affected:< o51kt12aFixed in:o51kt12aCVE-2022-40136derived from NVD
ideacentre a340-24igm firmwareNVD
Affected:< o51kt12aFixed in:o51kt12aCVE-2022-40136derived from NVD
ideacentre c5-14imb05 firmwareNVD
Affected:< o4hkt38aFixed in:o4hkt38aCVE-2022-40136derived from NVD
ideacentre g5-14amr05 firmwareNVD
Affected:< o4zkt29aFixed in:o4zkt29aCVE-2022-40136derived from NVD
ideacentre g5-14imb05 firmwareNVD
Affected:< o4hkt38aFixed in:o4hkt38aCVE-2022-40136derived from NVD
ideacentre gaming 5-14acn6 firmwareNVD
Affected:< o5ekt21aFixed in:o5ekt21aCVE-2022-40136derived from NVD
ideacentre gaming 5-14iob6 firmwareNVD
Affected:< m3gkt33aFixed in:m3gkt33aCVE-2022-40136derived from NVD
ideacentre gaming 5 17acn7 firmwareNVD
Affected:< o5ekt21aFixed in:o5ekt21aCVE-2022-40136derived from NVD
ideacentre gaming 5 17iab7 firmwareNVD
Affected:< m42kt40aFixed in:m42kt40aCVE-2022-40136derived from NVD
ideacentre t540-15ama g firmwareNVD
Affected:< m2ckt4daFixed in:m2ckt4daCVE-2022-40136derived from NVD
ideacentre t540-15ick firmwareNVD
Affected:< o4kkt16aFixed in:o4kkt16aCVE-2022-40136derived from NVD
legion c530-19icb firmwareNVD
Affected:< o4bkt20aFixed in:o4bkt20aCVE-2022-40136derived from NVD
legion t5-26iob6 firmwareNVD
Affected:< o54kt1daFixed in:o54kt1daCVE-2022-40136derived from NVD
legion t5-28icb05 firmwareNVD
Affected:< o4bkt20aFixed in:o4bkt20aCVE-2022-40136derived from NVD
legion t530-28apr firmwareNVD
Affected:< o4gkt16aFixed in:o4gkt16aCVE-2022-40136derived from NVD
legion t530-28icb firmwareNVD
Affected:< o4bkt20aFixed in:o4bkt20aCVE-2022-40136derived from NVD
legion t7-34imz5 firmwareNVD
Affected:< o4lkt1eaFixed in:o4lkt1eaCVE-2022-40136derived from NVD
qitian a815 firmwareNVD
Affected:< m1rkt38aFixed in:m1rkt38aCVE-2022-40136derived from NVD
qt b415 firmwareNVD
Affected:< m16kt68aFixed in:m16kt68aCVE-2022-40136derived from NVD
qt m410 firmwareNVD
Affected:< m16kt68aFixed in:m16kt68aCVE-2022-40136derived from NVD
qt m415 firmwareNVD
Affected:< m16kt68aFixed in:m16kt68aCVE-2022-40136derived from NVD
stadia ggp-120 firmwareNVD
Affected:< s03kt55aFixed in:s03kt55aCVE-2022-40136derived from NVD
thinkcentre e75 t\/s firmwareNVD
Affected:< m16kt68aFixed in:m16kt68aCVE-2022-40136derived from NVD
thinkcentre e96z firmwareNVD
Affected:< m26kt22aFixed in:m26kt22aCVE-2022-40136derived from NVD
thinkcentre m60e tiny firmwareNVD
Affected:< m3skt21aFixed in:m3skt21aCVE-2022-40136derived from NVD
thinkcentre m610 firmwareNVD
Affected:< m1akt56aFixed in:m1akt56aCVE-2022-40136derived from NVD
thinkcentre m625q firmwareNVD
Affected:< m1wkt45aFixed in:m1wkt45aCVE-2022-40136derived from NVD
thinkcentre m630e firmwareNVD
Affected:< m28kt37aFixed in:m28kt37aCVE-2022-40136derived from NVD
thinkcentre m70a firmwareNVD
Affected:< m2skt25aFixed in:m2skt25aCVE-2022-40136derived from NVD
thinkcentre m70a gen 2 firmwareNVD
Affected:< m3nkt20aFixed in:m3nkt20aCVE-2022-40136derived from NVD
thinkcentre m70c firmwareNVD
Affected:< m2vkt1daFixed in:m2vkt1daCVE-2022-40136derived from NVD
thinkcentre m70q firmwareNVD
Affected:< m2wkt57aFixed in:m2wkt57aCVE-2022-40136derived from NVD
thinkcentre m70q gen 2 firmwareNVD
Affected:< m2wkt57aFixed in:m2wkt57aCVE-2022-40136derived from NVD
thinkcentre m70q gen 3 firmwareNVD
Affected:< m43kt16aFixed in:m43kt16aCVE-2022-40136derived from NVD
thinkcentre m70s firmwareNVD
Affected:< m2tkt50aFixed in:m2tkt50aCVE-2022-40136derived from NVD
thinkcentre m70s gen 3 firmwareNVD
Affected:< m41kt2daFixed in:m41kt2daCVE-2022-40136derived from NVD
thinkcentre m70t firmwareNVD
Affected:< m2tkt50aFixed in:m2tkt50aCVE-2022-40136derived from NVD
thinkcentre m70t gen 3 firmwareNVD
Affected:< m41kt2daFixed in:m41kt2daCVE-2022-40136derived from NVD
thinkcentre m710e firmwareNVD
Affected:< m1zkt38aFixed in:m1zkt38aCVE-2022-40136derived from NVD
thinkcentre m710q firmwareNVD
Affected:< m1akt56aFixed in:m1akt56aCVE-2022-40136derived from NVD
thinkcentre m710s firmwareNVD
Affected:< m16kt68aFixed in:m16kt68aCVE-2022-40136derived from NVD
thinkcentre m710t firmwareNVD
Affected:< m16kt68aFixed in:m16kt68aCVE-2022-40136derived from NVD
thinkcentre m715q firmwareNVD
Affected:< m11kt54aFixed in:m11kt54aCVE-2022-40136derived from NVD
thinkcentre m715t firmwareNVD
Affected:< m2ckt4daFixed in:m2ckt4daCVE-2022-40136derived from NVD
thinkcentre m720e firmwareNVD
Affected:< m30kt26aFixed in:m30kt26aCVE-2022-40136derived from NVD
thinkcentre m720q firmwareNVD
Affected:< m1ukt67aFixed in:m1ukt67aCVE-2022-40136derived from NVD
thinkcentre m720s firmwareNVD
Affected:< m1ukt67aFixed in:m1ukt67aCVE-2022-40136derived from NVD
thinkcentre m720t firmwareNVD
Affected:< m1ukt67aFixed in:m1ukt67aCVE-2022-40136derived from NVD
thinkcentre m725s firmwareNVD
Affected:< m25kt61aFixed in:m25kt61aCVE-2022-40136derived from NVD
thinkcentre m75n firmwareNVD
Affected:< m33kt25aFixed in:m33kt25aCVE-2022-40136derived from NVD
thinkcentre m75q-1 firmwareNVD
Affected:< m2fkt2daFixed in:m2fkt2daCVE-2022-40136derived from NVD
thinkcentre m75q gen 2 firmwareNVD
Affected:< m47kt24aFixed in:m47kt24aCVE-2022-40136derived from NVD
thinkcentre m75s-1 firmwareNVD
Affected:< m2ckt4daFixed in:m2ckt4daCVE-2022-40136derived from NVD
thinkcentre m75s gen 2 firmwareNVD
Affected:< m46kt2daFixed in:m46kt2daCVE-2022-40136derived from NVD
thinkcentre m75t gen 2 firmwareNVD
Affected:< m46kt2daFixed in:m46kt2daCVE-2022-40136derived from NVD
thinkcentre m80q firmwareNVD
Affected:< m2wkt57aFixed in:m2wkt57aCVE-2022-40136derived from NVD
thinkcentre m80s firmwareNVD
Affected:< m2tkt50aFixed in:m2tkt50aCVE-2022-40136derived from NVD
thinkcentre m80t firmwareNVD
Affected:< m2tkt50aFixed in:m2tkt50aCVE-2022-40136derived from NVD
thinkcentre m810z firmwareNVD
Affected:< m1ckt49aFixed in:m1ckt49aCVE-2022-40136derived from NVD
thinkcentre m818z firmwareNVD
Affected:< m1ekt25aFixed in:m1ekt25aCVE-2022-40136derived from NVD
thinkcentre m820z firmwareNVD
Affected:< m1nkt58aFixed in:m1nkt58aCVE-2022-40136derived from NVD
thinkcentre m90a firmwareNVD
Affected:< m2rkt52aFixed in:m2rkt52aCVE-2022-40136derived from NVD
thinkcentre m90a gen2 firmwareNVD
Affected:< m3lkt26aFixed in:m3lkt26aCVE-2022-40136derived from NVD
thinkcentre m90q gen 2 firmwareNVD
Affected:< m3jkt34aFixed in:m3jkt34aCVE-2022-40136derived from NVD
thinkcentre m90q tiny firmwareNVD
Affected:< m2wkt57aFixed in:m2wkt57aCVE-2022-40136derived from NVD
thinkcentre m90s firmwareNVD
Affected:< m2tkt50aFixed in:m2tkt50aCVE-2022-40136derived from NVD
thinkcentre m910q firmwareNVD
Affected:< m1akt56aFixed in:m1akt56aCVE-2022-40136derived from NVD
thinkcentre m910s firmwareNVD
Affected:< m1akt56aFixed in:m1akt56aCVE-2022-40136derived from NVD
thinkcentre m910t firmwareNVD
Affected:< m1akt56aFixed in:m1akt56aCVE-2022-40136derived from NVD
thinkcentre m910x firmwareNVD
Affected:< m1akt56aFixed in:m1akt56aCVE-2022-40136derived from NVD
thinkcentre m920q firmwareNVD
Affected:< m1ukt67aFixed in:m1ukt67aCVE-2022-40136derived from NVD
thinkcentre m920s firmwareNVD
Affected:< m1ukt67aFixed in:m1ukt67aCVE-2022-40136derived from NVD
thinkcentre m920t firmwareNVD
Affected:< m1ukt67aFixed in:m1ukt67aCVE-2022-40136derived from NVD
thinkcentre m920x firmwareNVD
Affected:< m1ukt67aFixed in:m1ukt67aCVE-2022-40136derived from NVD
thinkcentre neo 50s gen 3 firmwareNVD
Affected:< m49kt1daFixed in:m49kt1daCVE-2022-40136derived from NVD
thinkcentre neo 50t gen 3 firmwareNVD
Affected:< m42kt40aFixed in:m42kt40aCVE-2022-40136derived from NVD
thinkedge se30 firmwareNVD
Affected:< m3fkt29aFixed in:m3fkt29aCVE-2022-40136derived from NVD
thinksmart hub teams firmwareNVD
Affected:< m2xkt20aFixed in:m2xkt20aCVE-2022-40136derived from NVD
thinksmart hub zoom firmwareNVD
Affected:< m2xkt20aFixed in:m2xkt20aCVE-2022-40136derived from NVD
thinkstation p318 firmwareNVD
Affected:< m1akt56aFixed in:m1akt56aCVE-2022-40136derived from NVD
thinkstation p320 firmwareNVD
Affected:< s06kt59aFixed in:s06kt59aCVE-2022-40136derived from NVD
thinkstation p320 tiny firmwareNVD
Affected:< m1akt56aFixed in:m1akt56aCVE-2022-40136derived from NVD
thinkstation p330 tiny firmwareNVD
Affected:< m1ukt67aFixed in:m1ukt67aCVE-2022-40136derived from NVD
thinkstation p340 firmwareNVD
Affected:< s08kt50aFixed in:s08kt50aCVE-2022-40136derived from NVD
thinkstation p340 tiny firmwareNVD
Affected:< m2wkt57aFixed in:m2wkt57aCVE-2022-40136derived from NVD
thinkstation p348 firmwareNVD
Affected:< m3kkt34aFixed in:m3kkt34aCVE-2022-40136derived from NVD
thinkstation p350 tiny firmwareNVD
Affected:< m3jkt34aFixed in:m3jkt34aCVE-2022-40136derived from NVD
thinkstation p520 firmwareNVD
Affected:< s03kt55aFixed in:s03kt55aCVE-2022-40136derived from NVD
thinkstation p520c firmwareNVD
Affected:< s03kt55aFixed in:s03kt55aCVE-2022-40136derived from NVD
thinkstation p620 firmwareNVD
Affected:< s07kt25aFixed in:s07kt25aCVE-2022-40136derived from NVD
thinkstation p720 firmwareNVD
Affected:< s05kt62aFixed in:s05kt62aCVE-2022-40136derived from NVD
thinkstation p920 firmwareNVD
Affected:< s05kt62aFixed in:s05kt62aCVE-2022-40136derived from NVD
thinksystem st50 firmwareNVD
Affected:< ite123eFixed in:ite123eCVE-2022-40136derived from NVD
thinksystem st58 firmwareNVD
Affected:< ite123eFixed in:ite123eCVE-2022-40136derived from NVD
v30a-22iml firmwareNVD
Affected:< m37kt28aFixed in:m37kt28aCVE-2022-40136derived from NVD
v30a-24iml firmwareNVD
Affected:< m37kt28aFixed in:m37kt28aCVE-2022-40136derived from NVD
v330-20icb firmwareNVD
Affected:< m1qkt47aFixed in:m1qkt47aCVE-2022-40136derived from NVD
v35s-07ada firmwareNVD
Affected:< o4fkt29aFixed in:o4fkt29aCVE-2022-40136derived from NVD
v50a-22imb firmwareNVD
Affected:< m36kt28aFixed in:m36kt28aCVE-2022-40136derived from NVD
v50a-24imb firmwareNVD
Affected:< m36kt28aFixed in:m36kt28aCVE-2022-40136derived from NVD
v50s-07imb firmwareNVD
Affected:< m2vkt1daFixed in:m2vkt1daCVE-2022-40136derived from NVD
v50t-13imb firmwareNVD
Affected:< o4hkt38aFixed in:o4hkt38aCVE-2022-40136derived from NVD
v50t-13iob g2 firmwareNVD
Affected:< m3gkt33aFixed in:m3gkt33aCVE-2022-40136derived from NVD
v520 firmwareNVD
Affected:< m16kt68aFixed in:m16kt68aCVE-2022-40136derived from NVD
v520s firmwareNVD
Affected:< m16kt68aFixed in:m16kt68aCVE-2022-40136derived from NVD
v530-15arr firmwareNVD
Affected:< o4dkt43aFixed in:o4dkt43aCVE-2022-40136derived from NVD
v530-15icb firmwareNVD
Affected:< m1ykt70aFixed in:m1ykt70aCVE-2022-40136derived from NVD
v530-15icr firmwareNVD
Affected:< m2ykt31aFixed in:m2ykt31aCVE-2022-40136derived from NVD
v530-22icb firmwareNVD
Affected:< m20kt52aFixed in:m20kt52aCVE-2022-40136derived from NVD
v530-24icb firmwareNVD
Affected:< m20kt52aFixed in:m20kt52aCVE-2022-40136derived from NVD
v530s-07icb firmwareNVD
Affected:< m22kt48aFixed in:m22kt48aCVE-2022-40136derived from NVD
v530s-07icr firmwareNVD
Affected:< m30kt26aFixed in:m30kt26aCVE-2022-40136derived from NVD
v540-24iwl firmwareNVD
Affected:< m29kt39aFixed in:m29kt39aCVE-2022-40136derived from NVD
v55t-15api firmwareNVD
Affected:< o4dkt43aFixed in:o4dkt43aCVE-2022-40136derived from NVD
v55t-15are firmwareNVD
Affected:< o4dkt43aFixed in:o4dkt43aCVE-2022-40136derived from NVD
v55t gen 2 13acn firmwareNVD
Affected:< o5jkt20aFixed in:o5jkt20aCVE-2022-40136derived from NVD
yoga a940-27icb firmwareNVD
Affected:< o43kt43aFixed in:o43kt43aCVE-2022-40136derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityNone
AvailabilityNone

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploit Intelligence

0.20%probability of exploitation in 30 days
9thpercentile

Low risk: more likely to be exploited than 9% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-125 (Out-of-bounds Read) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2014-0160High7.5100%KEVFix
CVE-2025-5777High7.5100%KEV + RansomFix
CVE-2021-4034High7.895%KEVFix
CVE-2023-21769High7.592%-Fix
CVE-2023-49285High8.689%-Fix
CVE-2020-8794Critical9.889%-Fix
Embed a live status badge for CVE-2022-40136
CVE-2022-40136 severity badge

Markdown

[![CVE-2022-40136](https://tridentstack.com/cve/badge/CVE-2022-40136.svg)](https://tridentstack.com/cve/CVE-2022-40136)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-40136"><img src="https://tridentstack.com/cve/badge/CVE-2022-40136.svg" alt="CVE-2022-40136"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.