The five vulnerabilities — tracked from CVE-2022-40516 through CVE-2022-40520 — also impact Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to plug the security holes.
The list of flaws is as follows:
- CVE-2022-40516, CVE-2022-40517 & CVE-2022-40520 (CVSS score: 8.4) – Memory corruption in Core due to stack-based buffer overflow
- CVE-2022-40518 & CVE-2022-40519 (CVSS score: 6.8) – Information disclosure due to buffer over-read in Core
Successful exploitation of the aforementioned flaws could allow a local adversary with elevated privileges to cause memory corruption or leak sensitive information, Lenovo noted in an alert published Tuesday.
Lenovo also remediated four more buffer over-read vulnerabilities in the ThinkPad X13 BIOS that could lead to information disclosure. The flaws are tracked as CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, and CVE-2022-4435.