Find Devices Vulnerable to Lenovo BIOS Vulnerabilities
Lenovo disclosed information on 3 vulnerabilities affecting multiple Lenovo models.
CVE-2022-1890: A buffer overflow has been identified in the ReadyBootDxe driver in some Lenovo notebook products which may allow an attacker with local privileges to execute arbitrary code.
CVE-2022-1891: A buffer overflow has been identified in the SystemLoadDefaultDxe driver in some Lenovo notebook products which may allow an attacker with local privileges to execute arbitrary code.
CVE-2022-1892: A buffer overflow has been identified in the SystemBootManagerDxe driver in some Lenovo notebook products which may allow an attacker with local privileges to execute arbitrary code.
Lenovo released new BIOS versions for all affected devices, the report below will provide a list of all Lenovo models which are affected along with their BIOS details and the details of the drivers affected.
Lenovo BIOS Vulnerabilities Audit Query
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.Version,
tblBIOS.Caption,
tblBIOS.SMBIOSBIOSVersion,
tblBIOS.SMBIOSMajorVersion,
tblBIOS.SMBIOSMinorVersion,
tblBIOS.ReleaseDate,
[CVE-2022-1890-CVE-2022-1891].Name As
[Driver Name CVE-2022-1890/CVE-2022-1891],
[CVE-2022-1890-CVE-2022-1891].Caption As
[Driver Caption CVE-2022-1890/CVE-2022-1891],
[CVE-2022-1890-CVE-2022-1891].StartMode As
[Driver Start Mode CVE-2022-1890/CVE-2022-1891],
[CVE-2022-1890-CVE-2022-1891].State As
[Driver State CVE-2022-1890/CVE-2022-1891],
[CVE-2022-1892].Name As [Driver Name CVE-2022-1892],
[CVE-2022-1892].Caption As [Driver Caption CVE-2022-1892],
[CVE-2022-1892].StartMode As [Driver Start Mode CVE-2022-1892],
[CVE-2022-1892].State As [Driver State CVE-2022-1892],
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Left Join (Select tblSystemDriversUni.Name,
tblSystemDriversUni.Caption,
tblSystemDrivers.StartMode,
tblSystemDrivers.State,
tblSystemDrivers.AssetID
From tblSystemDrivers
Inner Join tblSystemDriversUni On tblSystemDrivers.SystemDriverUniID =
tblSystemDriversUni.SystemDriverUniID
Inner Join tblAssetCustom On tblAssetCustom.AssetID =
tblSystemDrivers.AssetID
Where (tblSystemDriversUni.name Like '%ReadyBootDxe%' Or
tblSystemDriversUni.name Like '%SystemLoadDefaultDxe%') And
(tblAssetCustom.model Like '%ThinkBook%14-IIL%' Or
tblAssetCustom.model Like '%ThinkBook%14-IML%' Or
tblAssetCustom.model Like '%ThinkBook%15-IIL%' Or
tblAssetCustom.model Like '%ThinkBook%15-IML%' Or
tblAssetCustom.model Like '%Yoga%C640-13IML%LTE%' Or
tblAssetCustom.model Like '%Yoga%C640-13IML%')) As
[CVE-2022-1890-CVE-2022-1891] On [CVE-2022-1890-CVE-2022-1891].assetid =
tblAssets.assetid
Left Join (Select tblSystemDriversUni.Name,
tblSystemDriversUni.Caption,
tblSystemDrivers.StartMode,
tblSystemDrivers.State,
tblSystemDrivers.AssetID
From tblSystemDrivers
Inner Join tblSystemDriversUni On tblSystemDrivers.SystemDriverUniID =
tblSystemDriversUni.SystemDriverUniID
Inner Join tblAssetCustom On tblAssetCustom.AssetID =
tblSystemDrivers.AssetID
Where tblSystemDriversUni.name Like '%SystemBootManagerDxe%') As
[CVE-2022-1892] On [CVE-2022-1892].assetid = tblAssets.assetid
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join tblBIOS On tblBIOS.AssetID = tblAssets.AssetID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where tblAssetCustom.Manufacturer Like '%lenovo%' And tblState.Statename =
'Active' And (tblAssetCustom.model Like '%100e%2nd%' Or
tblAssetCustom.model Like '%100w%Gen%3%' Or tblAssetCustom.model Like
'%13w%Yoga%' Or tblAssetCustom.model Like '%14W%Gen%2%' Or
tblAssetCustom.model Like '%300e%2nd%' Or tblAssetCustom.model Like
'%300w%Gen%3%' Or tblAssetCustom.model Like '%500w%Gen%3%' Or
tblAssetCustom.model Like '%730S-13IML%' Or tblAssetCustom.model Like
'%Flex%3-11ADA05%' Or tblAssetCustom.model Like '%Flex%5-14ALC05%'
Or tblAssetCustom.model Like '%Flex%5-14ARE05%' Or
tblAssetCustom.model Like '%Flex%5-14IIL05%' Or
tblAssetCustom.model Like '%Flex%5-14ITL05%' Or
tblAssetCustom.model Like '%Flex%5-15ALC05%' Or
tblAssetCustom.model Like '%Flex%5-15IIL05%' Or
tblAssetCustom.model Like '%Flex%5-15ITL05%' Or
tblAssetCustom.model Like '%IdeaPad%1-11ADA05%' Or
tblAssetCustom.model Like '%IdeaPad%1-11IGL05%' Or
tblAssetCustom.model Like '%IdeaPad%1-14ADA05%' Or
tblAssetCustom.model Like '%IdeaPad%1-14IGL05%' Or
tblAssetCustom.model Like '%IdeaPad%3%15ADA05%' Or
tblAssetCustom.model Like '%IdeaPad%3-14ADA05%' Or
tblAssetCustom.model Like '%IdeaPad%3-14ADA6%' Or
tblAssetCustom.model Like '%IdeaPad%3-14ALC6%' Or
tblAssetCustom.model Like '%IdeaPad%3-15ADA6%' Or
tblAssetCustom.model Like '%IdeaPad%3-15ALC6%' Or
tblAssetCustom.model Like '%IdeaPad%3-17ADA05%' Or
tblAssetCustom.model Like '%IdeaPad%3-17ADA6%' Or
tblAssetCustom.model Like '%IdeaPad%3-17ALC6%' Or
tblAssetCustom.model Like '%IdeaPad%5%15ABA7%' Or
tblAssetCustom.model Like '%IdeaPad%Flex%5%14ALC7%' Or
tblAssetCustom.model Like '%IdeaPad%Flex%5%16ALC7%' Or
tblAssetCustom.model Like '%Legion%S7-15ACH6%' Or
tblAssetCustom.model Like '%Legion%S7-15ARH5%' Or
tblAssetCustom.model Like '%Legion%S7-15IMH5%' Or
tblAssetCustom.model Like '%S145-14API%' Or tblAssetCustom.model Like
'%S145-14AST%' Or tblAssetCustom.model Like '%S145-15API%' Or
tblAssetCustom.model Like '%S145-15AST%' Or tblAssetCustom.model Like
'%S145-15AST%' Or tblAssetCustom.model Like '%S540-13API%' Or
tblAssetCustom.model Like '%S940-14IIL%' Or tblAssetCustom.model Like
'%Slim%1-11AST-05%' Or tblAssetCustom.model Like '%Slim%1-14AST-05%' Or
tblAssetCustom.model Like '%ThinkBook%13s%G2%ARE%' Or
tblAssetCustom.model Like '%ThinkBook%13s%G2%ITL%' Or
tblAssetCustom.model Like '%ThinkBook%13s%G3%ACN%' Or
tblAssetCustom.model Like '%ThinkBook%13s-IML%' Or
tblAssetCustom.model Like '%ThinkBook%14-IIL%' Or
tblAssetCustom.model Like '%ThinkBook%14-IML%' Or
tblAssetCustom.model Like '%ThinkBook%14p%G2%ACH%' Or
tblAssetCustom.model Like '%ThinkBook%14s%G2%ITL%' Or
tblAssetCustom.model Like '%ThinkBook%14s-IML%' Or
tblAssetCustom.model Like '%ThinkBook%15-IIL%' Or
tblAssetCustom.model Like '%ThinkBook%15-IML%' Or
tblAssetCustom.model Like '%ThinkBook%16p%G2%ACH%' Or
tblAssetCustom.model Like '%V130-15IKB%' Or tblAssetCustom.model Like
'%V14%G2-ALC%' Or tblAssetCustom.model Like '%V14-ADA%' Or
tblAssetCustom.model Like '%V15%G2-ALC%' Or tblAssetCustom.model Like
'%V15-ADA%' Or tblAssetCustom.model Like '%Yoga%9-15IMH5%' Or
tblAssetCustom.model Like '%Yoga%C640-13IML%LTE%' Or
tblAssetCustom.model Like '%Yoga%C640-13IML%' Or
tblAssetCustom.model Like '%Yoga%C940-15IRH%' Or
tblAssetCustom.model Like '%Yoga%S730-13IML%' Or
tblAssetCustom.model Like '%Yoga%S940-14IIL%' Or
tblAssetCustom.model Like '%Yoga%Slim%7%Pro-14ACH5%' Or
tblAssetCustom.model Like '%Yoga%Slim%7%Pro-14ACH5%O%' Or
tblAssetCustom.model Like '%Yoga%Slim%7%Pro-14ARH5%' Or
tblAssetCustom.model Like '%ideapad%5-15ALC05%')
Order By tblAssets.Domain,
tblAssets.AssetName
