BIOS Tamper Detection Flaw in Lenovo ThinkPad T14s Gen 3 and X13 Gen 3
CVE-2022-48182

6.1MEDIUM

Key Information:

Vendor: Lenovo
Status: Thinkpad T14s X13 Gen3 BiOS - Windows; Thinkpad X13 Gen3 BiOS - Windows; Thinkpad T14s Gen 3 BiOS - Linux; Thinkpad X13 Gen3 BiOS - Linux
Vendor: CVE Published:; 9 October 2023

Summary

A reported vulnerability in Lenovo's ThinkPad T14s Gen 3 and X13 Gen 3 models could prevent the BIOS tamper detection mechanism from triggering under certain conditions. This oversight may leave systems exposed to unauthorized access, potentially allowing attackers to bypass crucial security safeguards. Users of these models should review best practices for securing their devices and remain vigilant for updates from Lenovo.

Affected Version(s)

ThinkPad T14s Gen 3 BIOS - Linux

ThinkPad T14s X13 Gen3 BIOS - Windows

ThinkPad X13 Gen3 BIOS - Linux

References

https://support.lenovo.com/us/en/product_security/LEN-106014

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 9, 2023
Vulnerability Reserved
Dec 29, 2022

Credit

Lenovo thanks Zoltan Harmath for reporting this vulnerability.