CVE & CISA-KEV Catalog

CVE-2022-48188

MEDIUM
6.7
CVSS v3
NVD

Description

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.

How to fix

Remediation Available
ideacentre 510s-07icb firmwareNVD
Affected:< m22kt49aFixed in:m22kt49aCVE-2022-48188derived from NVD
ideacentre 510s-07ick firmwareNVD
Affected:< m1zkt40aFixed in:m1zkt40aCVE-2022-48188derived from NVD
ideacentre 720-18apr firmwareNVD
Affected:< m25kt63aFixed in:m25kt63aCVE-2022-48188derived from NVD
ideacentre aio 3-22itl6 firmwareNVD
Affected:< o5akt33Fixed in:o5akt33CVE-2022-48188derived from NVD
ideacentre aio 3-24itl6 firmwareNVD
Affected:< o5akt33Fixed in:o5akt33CVE-2022-48188derived from NVD
ideacentre aio 3-27itl6 firmwareNVD
Affected:< o5akt33Fixed in:o5akt33CVE-2022-48188derived from NVD
ideacentre aio 3 21itl7 firmwareNVD
Affected:< o5akt33Fixed in:o5akt33CVE-2022-48188derived from NVD
thinkcentre m720e firmwareNVD
Affected:< m1zkt40aFixed in:m1zkt40aCVE-2022-48188derived from NVD
thinkcentre m720q firmwareNVD
Affected:< m1ukt70aFixed in:m1ukt70aCVE-2022-48188derived from NVD
thinkcentre m720s firmwareNVD
Affected:< m1ukt70aFixed in:m1ukt70aCVE-2022-48188derived from NVD
thinkcentre m720t firmwareNVD
Affected:< m1ukt70aFixed in:m1ukt70aCVE-2022-48188derived from NVD
thinkcentre m725s firmwareNVD
Affected:< m25kt63aFixed in:m25kt63aCVE-2022-48188derived from NVD
thinkcentre m75s gen 2 firmwareNVD
Affected:< m3bkt30aFixed in:m3bkt30aCVE-2022-48188derived from NVD
thinkcentre m75t gen 2 firmwareNVD
Affected:< m3akt4caFixed in:m3akt4caCVE-2022-48188derived from NVD
thinkcentre m920q firmwareNVD
Affected:< m1ukt70aFixed in:m1ukt70aCVE-2022-48188derived from NVD
thinkcentre m920s firmwareNVD
Affected:< m1ukt70aFixed in:m1ukt70aCVE-2022-48188derived from NVD
thinkcentre m920t firmwareNVD
Affected:< m1ukt70aFixed in:m1ukt70aCVE-2022-48188derived from NVD
thinkcentre m920x firmwareNVD
Affected:< m1ukt70aFixed in:m1ukt70aCVE-2022-48188derived from NVD
thinkcentre m920z firmwareNVD
Affected:< m1mkt55aFixed in:m1mkt55aCVE-2022-48188derived from NVD
thinkstation p330 tiny firmwareNVD
Affected:< m1ukt70aFixed in:m1ukt70aCVE-2022-48188derived from NVD
thinkstation p360 ultra firmwareNVD
Affected:< s0fkt27aFixed in:s0fkt27aCVE-2022-48188derived from NVD
thinkstation p520 firmwareNVD
Affected:< s03kt58aFixed in:s03kt58aCVE-2022-48188derived from NVD
thinkstation p520c firmwareNVD
Affected:< s03kt58aFixed in:s03kt58aCVE-2022-48188derived from NVD
v30a-22itl firmwareNVD
Affected:< o5akt33Fixed in:o5akt33CVE-2022-48188derived from NVD
v30a-24itl firmwareNVD
Affected:< o5akt33Fixed in:o5akt33CVE-2022-48188derived from NVD
v530s-07icb firmwareNVD
Affected:< m22kt49aFixed in:m22kt49aCVE-2022-48188derived from NVD
v530s-07icr firmwareNVD
Affected:< m1zkt40aFixed in:m1zkt40aCVE-2022-48188derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

0.19%probability of exploitation in 30 days
9thpercentile

Low risk: more likely to be exploited than 9% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-787 (Out-of-bounds Write) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2025-22457Critical9.0100%KEV + RansomFix
CVE-2025-0282Critical9.0100%KEV + Ransom-
CVE-2015-3113Critical9.8100%KEVFix
CVE-2021-20038Critical9.8100%KEV + Ransom-
CVE-2023-4863High8.8100%KEVFix
CVE-2020-16040Medium6.5100%-Fix
Embed a live status badge for CVE-2022-48188
CVE-2022-48188 severity badge

Markdown

[![CVE-2022-48188](https://tridentstack.com/cve/badge/CVE-2022-48188.svg)](https://tridentstack.com/cve/CVE-2022-48188)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-48188"><img src="https://tridentstack.com/cve/badge/CVE-2022-48188.svg" alt="CVE-2022-48188"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.