缺省权限不正确

CVE编号

CVE-2022-3430

利用情况

暂无

补丁情况

N/A

披露时间

2023-01-24
漏洞描述
A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
https://support.lenovo.com/us/en/product_security/LEN-94952
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
系统 alma_linux_9 fwupd * Up to
(excluding)
1.8.10-2.el9.alma
运行在以下环境
系统 fedora_38 tinyexr * Up to
(excluding)
1.0.1-7.fc38
运行在以下环境
系统 fedora_40 godot * Up to
(excluding)
4.1.2-1.fc40
运行在以下环境
系统 lenovo d330-10igl_firmware * Up to
(excluding)
g0cn11ww
运行在以下环境
系统 lenovo ideapad_5_pro_16arh7_firmware * Up to
(excluding)
j5cn27ww
运行在以下环境
系统 lenovo ideapad_5_pro_16iah7_firmware * Up to
(excluding)
j4cn33ww
运行在以下环境
系统 lenovo ideapad_duet_3_10igl5_firmware * Up to
(excluding)
eqcn37ww
运行在以下环境
系统 lenovo ideapad_slim_7-14iil05_firmware * Up to
(excluding)
dhcn35ww
运行在以下环境
系统 lenovo ideapad_slim_7-14itl05_firmware * Up to
(excluding)
fbcn29ww
运行在以下环境
系统 lenovo ideapad_slim_7-15iil05_firmware * Up to
(excluding)
dhcn35ww
运行在以下环境
系统 lenovo slim_7-14are05_firmware * Up to
(excluding)
dmcn43ww
运行在以下环境
系统 lenovo slim_7-15imh05_firmware * Up to
(excluding)
dncn32ww
运行在以下环境
系统 lenovo slim_7-15itl05_firmware * Up to
(excluding)
fbcn29ww
运行在以下环境
系统 lenovo slim_7_16arh7_firmware * Up to
(excluding)
klcn15ww
运行在以下环境
系统 lenovo thinkbook_13x_itg_firmware * Up to
(excluding)
hlcn30ww
运行在以下环境
系统 lenovo thinkbook_14p_g3_arh_firmware * Up to
(excluding)
k4cn31ww
运行在以下环境
系统 lenovo thinkbook_14s_yoga_itl_firmware * Up to
(excluding)
fncn40ww
运行在以下环境
系统 lenovo thinkbook_14_g2_are_firmware * Up to
(excluding)
facn33ww
运行在以下环境
系统 lenovo thinkbook_14_g2_itl_firmware * Up to
(excluding)
f8cn52ww
运行在以下环境
系统 lenovo thinkbook_14_g3_acl_firmware * Up to
(excluding)
gqcn35ww_hfcn30ww
运行在以下环境
系统 lenovo thinkbook_14_g3_itl_firmware * Up to
(excluding)
hrcn13ww
运行在以下环境
系统 lenovo thinkbook_14_g4+_ara_firmware * Up to
(excluding)
j6cn40ww
运行在以下环境
系统 lenovo thinkbook_14_g4+_iap_firmware * Up to
(excluding)
hycn40ww
运行在以下环境
系统 lenovo thinkbook_15p_g2_ith_firmware * Up to
(excluding)
hjcn31ww
运行在以下环境
系统 lenovo thinkbook_15p_imp_firmware * Up to
(excluding)
f6cn25ww
运行在以下环境
系统 lenovo thinkbook_15_g2_are_firmware * Up to
(excluding)
facn33ww
运行在以下环境
系统 lenovo thinkbook_15_g2_itl_firmware * Up to
(excluding)
f8cn52ww
运行在以下环境
系统 lenovo thinkbook_15_g3_acl_firmware * Up to
(excluding)
gqcn35ww_hfcn30ww
运行在以下环境
系统 lenovo thinkbook_15_g3_itl_firmware * Up to
(excluding)
hrcn13ww
运行在以下环境
系统 lenovo thinkbook_15_gd_aba_firmware * Up to
(excluding)
jpcn20ww
运行在以下环境
系统 lenovo thinkbook_16p_g3_arh_firmware * Up to
(excluding)
kccn31ww
运行在以下环境
系统 lenovo thinkbook_16p_nx_arh_firmware * Up to
(excluding)
kjcn27ww
运行在以下环境
系统 lenovo thinkbook_16_g4+_ara_firmware * Up to
(excluding)
j6cn40ww
运行在以下环境
系统 lenovo thinkbook_16_g4+_iap_firmware * Up to
(excluding)
hycn40ww
运行在以下环境
系统 lenovo thinkbook_plus_g2_itg_firmware * Up to
(excluding)
gycn31ww
运行在以下环境
系统 lenovo thinkbook_plus_g3_iap_firmware * Up to
(excluding)
k6cn29ww
运行在以下环境
系统 lenovo yoga_creator_7-15imh05_firmware * Up to
(excluding)
dncn32ww
运行在以下环境
系统 lenovo yoga_duet_7-13iml05_firmware * Up to
(excluding)
ercn30ww
运行在以下环境
系统 lenovo yoga_duet_7-13itl6-lte_firmware * Up to
(excluding)
gpcn24ww
运行在以下环境
系统 lenovo yoga_duet_7-13itl6_firmware * Up to
(excluding)
gpcn24ww
运行在以下环境
系统 lenovo yoga_slim_7-14are05_firmware * Up to
(excluding)
dmcn43ww
运行在以下环境
系统 lenovo yoga_slim_7-14iil05_firmware * Up to
(excluding)
dmcn35ww
运行在以下环境
系统 lenovo yoga_slim_7-14itl05_firmware * Up to
(excluding)
fbcn29ww
运行在以下环境
系统 lenovo yoga_slim_7-15iil05_firmware * Up to
(excluding)
dhcn35ww
运行在以下环境
系统 lenovo yoga_slim_7-15imh05_firmware * Up to
(excluding)
dncn32ww
运行在以下环境
系统 lenovo yoga_slim_7-15itl05_firmware * Up to
(excluding)
fbcn29ww
运行在以下环境
系统 lenovo yoga_slim_7_pro_16arh7_firmware * Up to
(excluding)
klcn15ww
运行在以下环境
系统 oracle_9 fwupd * Up to
(excluding)
1.8.10-2.0.1.el9
运行在以下环境
系统 redhat_9 fwupd * Up to
(excluding)
1.8.10-2.el9
运行在以下环境
硬件 lenovo d330-10igl - -
运行在以下环境
硬件 lenovo ideapad_5_pro_16arh7 - -
运行在以下环境
硬件 lenovo ideapad_5_pro_16iah7 - -
运行在以下环境
硬件 lenovo ideapad_duet_3_10igl5 - -
运行在以下环境
硬件 lenovo ideapad_slim_7-14iil05 - -
运行在以下环境
硬件 lenovo ideapad_slim_7-14itl05 - -
运行在以下环境
硬件 lenovo ideapad_slim_7-15iil05 - -
运行在以下环境
硬件 lenovo slim_7-14are05 - -
运行在以下环境
硬件 lenovo slim_7-15imh05 - -
运行在以下环境
硬件 lenovo slim_7-15itl05 - -
运行在以下环境
硬件 lenovo slim_7_16arh7 - -
运行在以下环境
硬件 lenovo thinkbook_13x_itg - -
运行在以下环境
硬件 lenovo thinkbook_14p_g3_arh - -
运行在以下环境
硬件 lenovo thinkbook_14s_yoga_itl - -
运行在以下环境
硬件 lenovo thinkbook_14_g2_are - -
运行在以下环境
硬件 lenovo thinkbook_14_g2_itl - -
运行在以下环境
硬件 lenovo thinkbook_14_g3_acl - -
运行在以下环境
硬件 lenovo thinkbook_14_g3_itl - -
运行在以下环境
硬件 lenovo thinkbook_14_g4+_ara - -
运行在以下环境
硬件 lenovo thinkbook_14_g4+_iap - -
运行在以下环境
硬件 lenovo thinkbook_15p_g2_ith - -
运行在以下环境
硬件 lenovo thinkbook_15p_imp - -
运行在以下环境
硬件 lenovo thinkbook_15_g2_are - -
运行在以下环境
硬件 lenovo thinkbook_15_g2_itl - -
运行在以下环境
硬件 lenovo thinkbook_15_g3_acl - -
运行在以下环境
硬件 lenovo thinkbook_15_g3_itl - -
运行在以下环境
硬件 lenovo thinkbook_15_g4_aba - -
运行在以下环境
硬件 lenovo thinkbook_16p_g3_arh - -
运行在以下环境
硬件 lenovo thinkbook_16p_nx_arh - -
运行在以下环境
硬件 lenovo thinkbook_16_g4+_ara - -
运行在以下环境
硬件 lenovo thinkbook_16_g4+_iap - -
运行在以下环境
硬件 lenovo thinkbook_plus_g2_itg - -
运行在以下环境
硬件 lenovo thinkbook_plus_g3_iap - -
运行在以下环境
硬件 lenovo yoga_creator_7-15imh05 - -
运行在以下环境
硬件 lenovo yoga_duet_7-13iml05 - -
运行在以下环境
硬件 lenovo yoga_duet_7-13itl6 - -
运行在以下环境
硬件 lenovo yoga_duet_7-13itl6-lte - -
运行在以下环境
硬件 lenovo yoga_slim_7-14are05 - -
运行在以下环境
硬件 lenovo yoga_slim_7-14iil05 - -
运行在以下环境
硬件 lenovo yoga_slim_7-14itl05 - -
运行在以下环境
硬件 lenovo yoga_slim_7-15iil05 - -
运行在以下环境
硬件 lenovo yoga_slim_7-15imh05 - -
运行在以下环境
硬件 lenovo yoga_slim_7-15itl05 - -
运行在以下环境
硬件 lenovo yoga_slim_7_pro_16arh7 - -
CVSS3评分
6.7
  • 攻击路径
    本地
  • 攻击复杂度
  • 权限要求
  • 影响范围
    未更改
  • 用户交互
  • 可用性
  • 保密性
  • 完整性
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-ID 漏洞类型
CWE-276 缺省权限不正确
阿里云安全产品覆盖情况