CVE-2022-40134

An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

Published: 2023-01-30 Last update: 2026-06-17 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2022-40134 is rated Low Risk (21/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.20%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2022-40134

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.05% 0.20% +0.15%
2 2025-11-26 0.04% 0.05% +0.01%
3 2023-03-07 0.04%

Full EPSS history (4 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2022-40134

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.4 3.1 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:H)
They need powerful rights—admin, root, or similar—before this pays off.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:N)
Service keeps running; no real outage angle.
0.8 3.6 [email protected]
4.4 3.1 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:H)
They need powerful rights—admin, root, or similar—before this pays off.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:N)
Service keeps running; no real outage angle.
0.8 3.6 [email protected]

Weakness enumeration for CVE-2022-40134

Affected software / configurations for CVE-2022-40134

Vendor Product Version Raw CPE
lenovo ideacentre_c5-14imb05_firmware o4hkt38a cpe:2.3:o:lenovo:ideacentre_c5-14imb05_firmware:o4hkt38a:*:*:*:*:*:*:*
lenovo thinkcentre_e96z_firmware m26kt22a cpe:2.3:o:lenovo:thinkcentre_e96z_firmware:m26kt22a:*:*:*:*:*:*:*
lenovo ideacentre_3_07iab7_firmware m49kt1da cpe:2.3:o:lenovo:ideacentre_3_07iab7_firmware:m49kt1da:*:*:*:*:*:*:*
lenovo ideacentre_3-07imb05_firmware m2vkt1da cpe:2.3:o:lenovo:ideacentre_3-07imb05_firmware:m2vkt1da:*:*:*:*:*:*:*
lenovo ideacentre_5_14iab7_firmware m42kt40a cpe:2.3:o:lenovo:ideacentre_5_14iab7_firmware:m42kt40a:*:*:*:*:*:*:*
lenovo ideacentre_5-14acn6_firmware o5ekt21a cpe:2.3:o:lenovo:ideacentre_5-14acn6_firmware:o5ekt21a:*:*:*:*:*:*:*
lenovo ideacentre_5-14imb05_firmware o4hkt38a cpe:2.3:o:lenovo:ideacentre_5-14imb05_firmware:o4hkt38a:*:*:*:*:*:*:*
lenovo ideacentre_5-14iob6_firmware m3gkt33a cpe:2.3:o:lenovo:ideacentre_5-14iob6_firmware:m3gkt33a:*:*:*:*:*:*:*
lenovo ideacentre_creator_5-14iob6_firmware m3gkt33a cpe:2.3:o:lenovo:ideacentre_creator_5-14iob6_firmware:m3gkt33a:*:*:*:*:*:*:*
lenovo ideacentre_g5-14imb05_firmware o4hkt38a cpe:2.3:o:lenovo:ideacentre_g5-14imb05_firmware:o4hkt38a:*:*:*:*:*:*:*
lenovo ideacentre_gaming_5_17acn7_firmware o5ekt21a cpe:2.3:o:lenovo:ideacentre_gaming_5_17acn7_firmware:o5ekt21a:*:*:*:*:*:*:*
lenovo ideacentre_gaming_5_17iab7_firmware m42kt40a cpe:2.3:o:lenovo:ideacentre_gaming_5_17iab7_firmware:m42kt40a:*:*:*:*:*:*:*
lenovo ideacentre_gaming_5-14acn6_firmware o5ekt21a cpe:2.3:o:lenovo:ideacentre_gaming_5-14acn6_firmware:o5ekt21a:*:*:*:*:*:*:*
lenovo ideacentre_gaming_5-14iob6_firmware m3gkt33a cpe:2.3:o:lenovo:ideacentre_gaming_5-14iob6_firmware:m3gkt33a:*:*:*:*:*:*:*
lenovo legion_c530-19icb_firmware o4bkt20a cpe:2.3:o:lenovo:legion_c530-19icb_firmware:o4bkt20a:*:*:*:*:*:*:*
lenovo legion_t5-26iob6_firmware o54kt1da cpe:2.3:o:lenovo:legion_t5-26iob6_firmware:o54kt1da:*:*:*:*:*:*:*
lenovo legion_t5-28icb05_firmware o4bkt20a cpe:2.3:o:lenovo:legion_t5-28icb05_firmware:o4bkt20a:*:*:*:*:*:*:*
lenovo legion_t530-28apr_firmware o4gkt16a cpe:2.3:o:lenovo:legion_t530-28apr_firmware:o4gkt16a:*:*:*:*:*:*:*
lenovo legion_t530-28icb_firmware o4bkt20a cpe:2.3:o:lenovo:legion_t530-28icb_firmware:o4bkt20a:*:*:*:*:*:*:*
lenovo legion_t7-34imz5_firmware o4lkt1ea cpe:2.3:o:lenovo:legion_t7-34imz5_firmware:o4lkt1ea:*:*:*:*:*:*:*
lenovo thinkcentre_m60e_tiny_firmware o5fkt14a cpe:2.3:o:lenovo:thinkcentre_m60e_tiny_firmware:o5fkt14a:*:*:*:*:*:*:*
lenovo thinkcentre_m625q_firmware m3skt21a cpe:2.3:o:lenovo:thinkcentre_m625q_firmware:m3skt21a:*:*:*:*:*:*:*
lenovo thinkcentre_m630e_firmware m1wkt45a cpe:2.3:o:lenovo:thinkcentre_m630e_firmware:m1wkt45a:*:*:*:*:*:*:*
lenovo thinkcentre_m70a_firmware m28kt37a cpe:2.3:o:lenovo:thinkcentre_m70a_firmware:m28kt37a:*:*:*:*:*:*:*
lenovo thinkcentre_m70a_gen_2_firmware m2skt25a cpe:2.3:o:lenovo:thinkcentre_m70a_gen_2_firmware:m2skt25a:*:*:*:*:*:*:*
lenovo thinkcentre_m70c_firmware m3nkt20a cpe:2.3:o:lenovo:thinkcentre_m70c_firmware:m3nkt20a:*:*:*:*:*:*:*
lenovo thinkcentre_m70q_firmware m2vkt1da cpe:2.3:o:lenovo:thinkcentre_m70q_firmware:m2vkt1da:*:*:*:*:*:*:*
lenovo thinkcentre_m70q_gen_2_firmware m2wkt57a cpe:2.3:o:lenovo:thinkcentre_m70q_gen_2_firmware:m2wkt57a:*:*:*:*:*:*:*
lenovo thinkcentre_m70q_gen_3_firmware m3jkt34a cpe:2.3:o:lenovo:thinkcentre_m70q_gen_3_firmware:m3jkt34a:*:*:*:*:*:*:*
lenovo thinkcentre_m70s_firmware m43kt16a cpe:2.3:o:lenovo:thinkcentre_m70s_firmware:m43kt16a:*:*:*:*:*:*:*
lenovo thinkcentre_m70s_gen_3_firmware m2tkt50a cpe:2.3:o:lenovo:thinkcentre_m70s_gen_3_firmware:m2tkt50a:*:*:*:*:*:*:*
lenovo thinkcentre_m70t_firmware m41kt2da cpe:2.3:o:lenovo:thinkcentre_m70t_firmware:m41kt2da:*:*:*:*:*:*:*
lenovo thinkcentre_m70t_gen_3_firmware m2tkt50a cpe:2.3:o:lenovo:thinkcentre_m70t_gen_3_firmware:m2tkt50a:*:*:*:*:*:*:*
lenovo thinkcentre_m710e_firmware m41kt2da cpe:2.3:o:lenovo:thinkcentre_m710e_firmware:m41kt2da:*:*:*:*:*:*:*
lenovo thinkcentre_m710q_firmware m1zkt38a cpe:2.3:o:lenovo:thinkcentre_m710q_firmware:m1zkt38a:*:*:*:*:*:*:*
lenovo thinkcentre_m710s_firmware m1akt56a cpe:2.3:o:lenovo:thinkcentre_m710s_firmware:m1akt56a:*:*:*:*:*:*:*
lenovo thinkcentre_m710t_firmware m16kt68a cpe:2.3:o:lenovo:thinkcentre_m710t_firmware:m16kt68a:*:*:*:*:*:*:*
lenovo thinkcentre_m715q_firmware m16kt68a cpe:2.3:o:lenovo:thinkcentre_m715q_firmware:m16kt68a:*:*:*:*:*:*:*
lenovo thinkcentre_m720e_firmware m11kt54a cpe:2.3:o:lenovo:thinkcentre_m720e_firmware:m11kt54a:*:*:*:*:*:*:*
lenovo thinkcentre_m75n_firmware m30kt26a cpe:2.3:o:lenovo:thinkcentre_m75n_firmware:m30kt26a:*:*:*:*:*:*:*
lenovo thinkcentre_m75q_gen_2_firmware m33kt25a cpe:2.3:o:lenovo:thinkcentre_m75q_gen_2_firmware:m33kt25a:*:*:*:*:*:*:*
lenovo thinkcentre_m75t_gen_2_firmware m47kt24a cpe:2.3:o:lenovo:thinkcentre_m75t_gen_2_firmware:m47kt24a:*:*:*:*:*:*:*
lenovo thinkcentre_m80q_firmware m46kt2da cpe:2.3:o:lenovo:thinkcentre_m80q_firmware:m46kt2da:*:*:*:*:*:*:*
lenovo thinkcentre_m80s_firmware m2wkt57a cpe:2.3:o:lenovo:thinkcentre_m80s_firmware:m2wkt57a:*:*:*:*:*:*:*
lenovo thinkcentre_m80s_firmware m2tkt50a cpe:2.3:o:lenovo:thinkcentre_m80s_firmware:m2tkt50a:*:*:*:*:*:*:*
lenovo thinkcentre_m80t_firmware m2tkt50a cpe:2.3:o:lenovo:thinkcentre_m80t_firmware:m2tkt50a:*:*:*:*:*:*:*
lenovo thinkcentre_m80t_firmware m1ckt49a cpe:2.3:o:lenovo:thinkcentre_m80t_firmware:m1ckt49a:*:*:*:*:*:*:*
lenovo thinkcentre_m810z_all-in-one_firmware m1ekt25a cpe:2.3:o:lenovo:thinkcentre_m810z_all-in-one_firmware:m1ekt25a:*:*:*:*:*:*:*
lenovo thinkcentre_m818z_firmware m1nkt58a cpe:2.3:o:lenovo:thinkcentre_m818z_firmware:m1nkt58a:*:*:*:*:*:*:*
lenovo thinkcentre_m820z_all-in-one_firmware m2rkt52a cpe:2.3:o:lenovo:thinkcentre_m820z_all-in-one_firmware:m2rkt52a:*:*:*:*:*:*:*
lenovo thinkcentre_m90a_firmware m3lkt26a cpe:2.3:o:lenovo:thinkcentre_m90a_firmware:m3lkt26a:*:*:*:*:*:*:*
lenovo thinkcentre_m90a_gen_2_firmware m3jkt34a cpe:2.3:o:lenovo:thinkcentre_m90a_gen_2_firmware:m3jkt34a:*:*:*:*:*:*:*
lenovo thinkcentre_m90q_gen_2_firmware m2wkt57a cpe:2.3:o:lenovo:thinkcentre_m90q_gen_2_firmware:m2wkt57a:*:*:*:*:*:*:*
lenovo thinkcentre_m90q_tiny_firmware m2tkt50a cpe:2.3:o:lenovo:thinkcentre_m90q_tiny_firmware:m2tkt50a:*:*:*:*:*:*:*
lenovo thinkcentre_m90s_firmware m2tkt50a cpe:2.3:o:lenovo:thinkcentre_m90s_firmware:m2tkt50a:*:*:*:*:*:*:*
lenovo thinkcentre_m90t_firmware m1akt56a cpe:2.3:o:lenovo:thinkcentre_m90t_firmware:m1akt56a:*:*:*:*:*:*:*
lenovo thinkcentre_m910q_firmware m1akt56a cpe:2.3:o:lenovo:thinkcentre_m910q_firmware:m1akt56a:*:*:*:*:*:*:*
lenovo thinkcentre_m910s_firmware m1akt56a cpe:2.3:o:lenovo:thinkcentre_m910s_firmware:m1akt56a:*:*:*:*:*:*:*
lenovo thinkcentre_m910t_firmware m1akt56a cpe:2.3:o:lenovo:thinkcentre_m910t_firmware:m1akt56a:*:*:*:*:*:*:*
lenovo thinkcentre_m910x_firmware m49kt1da cpe:2.3:o:lenovo:thinkcentre_m910x_firmware:m49kt1da:*:*:*:*:*:*:*
lenovo thinkcentre_neo_50s_gen_3_firmware m42kt40a cpe:2.3:o:lenovo:thinkcentre_neo_50s_gen_3_firmware:m42kt40a:*:*:*:*:*:*:*
lenovo qitian_a815_firmware m1rkt38a cpe:2.3:o:lenovo:qitian_a815_firmware:m1rkt38a:*:*:*:*:*:*:*
lenovo qt_m410_firmware m16kt68a cpe:2.3:o:lenovo:qt_m410_firmware:m16kt68a:*:*:*:*:*:*:*
lenovo qt_b415_firmware m16kt68a cpe:2.3:o:lenovo:qt_b415_firmware:m16kt68a:*:*:*:*:*:*:*
lenovo qt_m415_firmware m16kt68a cpe:2.3:o:lenovo:qt_m415_firmware:m16kt68a:*:*:*:*:*:*:*
lenovo thinkcentre_e75t_firmware m16kt68a cpe:2.3:o:lenovo:thinkcentre_e75t_firmware:m16kt68a:*:*:*:*:*:*:*
lenovo thinkcentre_e75s_firmware m16kt68a cpe:2.3:o:lenovo:thinkcentre_e75s_firmware:m16kt68a:*:*:*:*:*:*:*
lenovo thinkcentre_m610_firmware m1akt56a cpe:2.3:o:lenovo:thinkcentre_m610_firmware:m1akt56a:*:*:*:*:*:*:*
lenovo thinkcentre_m6600q_firmware fwktbaa cpe:2.3:o:lenovo:thinkcentre_m6600q_firmware:fwktbaa:*:*:*:*:*:*:*
lenovo thinkcentre_m6600t_firmware fwktbaa cpe:2.3:o:lenovo:thinkcentre_m6600t_firmware:fwktbaa:*:*:*:*:*:*:*
lenovo thinkcentre_m6600s_firmware fwktbaa cpe:2.3:o:lenovo:thinkcentre_m6600s_firmware:fwktbaa:*:*:*:*:*:*:*
lenovo thinkcentre_m700q_firmware fwktbaa cpe:2.3:o:lenovo:thinkcentre_m700q_firmware:fwktbaa:*:*:*:*:*:*:*
lenovo thinkcentre_m8600t_firmware fwktbaa cpe:2.3:o:lenovo:thinkcentre_m8600t_firmware:fwktbaa:*:*:*:*:*:*:*
lenovo thinkcentre_m8600s_firmware fwktbaa cpe:2.3:o:lenovo:thinkcentre_m8600s_firmware:fwktbaa:*:*:*:*:*:*:*
lenovo ideacentre_3-07ada05_firmware o4fkt29a cpe:2.3:o:lenovo:ideacentre_3-07ada05_firmware:o4fkt29a:*:*:*:*:*:*:*
lenovo ideacentre_5-14are05_firmware o4zkt29a cpe:2.3:o:lenovo:ideacentre_5-14are05_firmware:o4zkt29a:*:*:*:*:*:*:*
lenovo ideacentre_g5-14amr05_firmware o4zkt29a cpe:2.3:o:lenovo:ideacentre_g5-14amr05_firmware:o4zkt29a:*:*:*:*:*:*:*
lenovo thinkcentre_m75s_gen_2_firmware m3akt44a cpe:2.3:o:lenovo:thinkcentre_m75s_gen_2_firmware:m3akt44a:*:*:*:*:*:*:*
lenovo thinkcentre_m75s_gen_2_firmware m3bkt29a cpe:2.3:o:lenovo:thinkcentre_m75s_gen_2_firmware:m3bkt29a:*:*:*:*:*:*:*
lenovo thinkcentre_m75t_gen_2_firmware cpe:2.3:o:lenovo:thinkcentre_m75t_gen_2_firmware:-:*:*:*:*:*:*:*

References for CVE-2022-40134

cvelogic Threat Intelligence