CVE-2022-48182
CVE-2022-48182
In short
The BIOS tamper detection in certain ThinkPad laptops can fail to trigger under specific conditions, potentially allowing unauthorized people to access or modify the system's core software without being detected.
Technical detail
A bypass in the BIOS tamper detection mechanism (CWE-1263: Improper Validation of Specified Quantity in Input) on ThinkPad T14s Gen 3 and X13 Gen3 allows an attacker with physical access to circumvent security alerts when tampering with firmware. Detection failure occurs only under specific circumstances, reducing the effectiveness of this critical security control.
Summary generated and translated by AI from the official description.
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Affected products
Lenovo · ThinkPad T14s Gen 3 BIOS - LinuxLenovo · ThinkPad T14s X13 Gen3 BIOS - WindowsLenovo · ThinkPad X13 Gen3 BIOS - LinuxLenovo · ThinkPad X13 Gen3 BIOS - WindowsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →