🛡️ CVE-2022-1892
🟡 CVSS 6.7 — Medium ✅ No Known Exploit CWE-122 NVD
6.7
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Details

Severity MEDIUM
CVSS Score 6.7
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE CWE-122
Public Exploit ✅ No
Source NVD
Published 2023-01-26
Updated 2026-06-08
Modified 2024-11-21
Fix URL N/A

Affected Packages

Software From version Fixed in
100e-2nd-gen-firmware frcn23ww
100w-gen-3-firmware gacn38ww
13w-yoga-firmware jacn31ww
14w-gen-2-firmware h0cn21ww
300e-2nd-gen-firmware frcn23ww
300w-gen-3-firmware gacn38ww
500w-gen-3-firmware g6cn40ww
730s-13iml-firmware brcn20ww
flex-3-11ada05-firmware fpcn26ww
flex-5-14alc05-firmware gjcn27ww
flex-5-14are05-firmware eecn39ww
flex-5-14iil05-firmware eecn40ww
flex-5-14itl05-firmware fxcn38ww
flex-5-15alc05-firmware gjcn27ww
flex-5-15iil05-firmware eccn40ww
flex-5-15itl05-firmware fxcn38ww
ideapad-1-11ada05-firmware fqcn26ww
ideapad-1-11igl05-firmware dwcn24ww
ideapad-1-14ada05-firmware fqcn26ww
ideapad-1-14igl05-firmware dwcn24ww
ideapad-3-14ada05-firmware e8cn36ww
ideapad-3-14ada6-firmware hbcn24ww
ideapad-3-14alc6-firmware glcn48ww
ideapad-3-15ada05-firmware e8cn36ww
ideapad-3-15ada6-firmware hbcn24ww
ideapad-3-15alc6-firmware glcn48ww
ideapad-3-17ada05-firmware hbcn24ww
ideapad-3-17ada6-firmware glcn48ww
ideapad-3-17alc6-firmware e8cn36ww
ideapad-5-15aba7-firmware kacn14ww
ideapad-5-15alc05-firmware h2cn27ww
ideapad-flex-5-14alc7-firmware jccn29ww
ideapad-flex-5-16alc7-firmware jccn29ww
ideapad-s940-14iil-firmware bqcn34ww
ideapad-slim-1-11ast-05-firmware cwcn25ww
ideapad-slim-1-14ast-05-firmware cwcn25ww
legion-s7-15ach6-firmware g1cn27ww
legion-s7-15arh5-firmware fdcn40ww
legion-s7-15imh5-firmware hacn37ww
s145-14api-firmware bucn33ww
s145-14ast-firmware aycn28ww
s145-15api-firmware bucn33ww
s145-15ast-firmware aycn28ww
s540-13api-firmware cxcn36ww
thinkbook-13s-g2-are-firmware fvcn24ww
thinkbook-13s-g2-itl-firmware f9cn50ww
thinkbook-13s-g3-acn-firmware gmcn29ww
thinkbook-13s-iml-firmware cqcn37ww
thinkbook-14-iil-firmware djcn28ww
thinkbook-14-iml-firmware cjcn38ww
thinkbook-14p-g2-ach-firmware gwcn41ww
thinkbook-14s-g2-itl-firmware f9cn50ww
thinkbook-14s-iml-firmware cqcn37ww
thinkbook-15-iil-firmware djcn28ww
thinkbook-15-iml-firmware cjcn38ww
thinkbook-16p-g2-ach-firmware gxcn42ww
v130-15ikb-firmware 8vcn31ww
v14-ada-firmware e8cn36ww
v14-g2-alc-firmware glcn48ww
v15-ada-firmware e8cn36ww
v15-g2-alc-firmware glcn48ww
yoga-9-15imh5-firmware epcn28ww
yoga-c640-13iml-firmware chcn28ww
yoga-c640-13iml-lte-firmware chcn28ww
yoga-c940-15irh-firmware bscn37ww
yoga-s730-13iml-firmware brcn20ww
yoga-s940-14iil-firmware bqcn34ww
yoga-slim-7-pro-14ach5-firmware gzcn29ww
yoga-slim-7-pro-14ach5-o-firmware gzcn29ww
yoga-slim-7-pro-14arh5-firmware gzcn24ww

Patch Gap Protection

Running software with known vulnerabilities?

BotEraser can help reduce exposure by blocking IPs associated with exploit activity — even before a patch is available.

Start Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.