CVE-2022-40137

A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Published: 2023-01-30 Last update: 2026-06-17 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2022-40137 is rated Low Risk (31.5/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.23%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2022-40137

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.12% 0.23% +0.11%
2 2026-01-31 0.04% 0.12% +0.08%
3 2023-03-07 0.04%

Full EPSS history (4 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2022-40137

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
6.7 3.1 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:H)
They need powerful rights—admin, root, or similar—before this pays off.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
0.8 5.9 [email protected]
6.7 3.1 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:H)
They need powerful rights—admin, root, or similar—before this pays off.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
0.8 5.9 [email protected]

Weakness enumeration for CVE-2022-40137

Affected software / configurations for CVE-2022-40137

Vendor Product Version Raw CPE
lenovo ideacentre_c5-14imb05_firmware o4hkt3aa cpe:2.3:o:lenovo:ideacentre_c5-14imb05_firmware:o4hkt3aa:*:*:*:*:*:*:*
lenovo ideacentre_e96z_firmware m26kt24a cpe:2.3:o:lenovo:ideacentre_e96z_firmware:m26kt24a:*:*:*:*:*:*:*
lenovo ideacentre_3_07iab7_firmware m49kt1da cpe:2.3:o:lenovo:ideacentre_3_07iab7_firmware:m49kt1da:*:*:*:*:*:*:*
lenovo ideacentre_3-07imb05_firmware m2vkt1fa cpe:2.3:o:lenovo:ideacentre_3-07imb05_firmware:m2vkt1fa:*:*:*:*:*:*:*
lenovo ideacentre_5_14iab7_firmware m42kt40a cpe:2.3:o:lenovo:ideacentre_5_14iab7_firmware:m42kt40a:*:*:*:*:*:*:*
lenovo ideacentre_5-14acn6_firmware o5ekt23a cpe:2.3:o:lenovo:ideacentre_5-14acn6_firmware:o5ekt23a:*:*:*:*:*:*:*
lenovo ideacentre_5-14imb05_firmware o4hkt3aa cpe:2.3:o:lenovo:ideacentre_5-14imb05_firmware:o4hkt3aa:*:*:*:*:*:*:*
lenovo ideacentre_5-14iob6_firmware m3gkt38a cpe:2.3:o:lenovo:ideacentre_5-14iob6_firmware:m3gkt38a:*:*:*:*:*:*:*
lenovo ideacentre_aio_3-22ada6_firmware o5ckt24a cpe:2.3:o:lenovo:ideacentre_aio_3-22ada6_firmware:o5ckt24a:*:*:*:*:*:*:*
lenovo ideacentre_aio_3-22iil5_firmware o56kt22a cpe:2.3:o:lenovo:ideacentre_aio_3-22iil5_firmware:o56kt22a:*:*:*:*:*:*:*
lenovo ideacentre_aio_3-22itl6_firmware o5akt31a cpe:2.3:o:lenovo:ideacentre_aio_3-22itl6_firmware:o5akt31a:*:*:*:*:*:*:*
lenovo ideacentre_aio_3-24ada6_firmware o5ckt24a cpe:2.3:o:lenovo:ideacentre_aio_3-24ada6_firmware:o5ckt24a:*:*:*:*:*:*:*
lenovo ideacentre_aio_3-24alc6_firmware o5bkt24a cpe:2.3:o:lenovo:ideacentre_aio_3-24alc6_firmware:o5bkt24a:*:*:*:*:*:*:*
lenovo ideacentre_aio_3-24iil5_firmware o56kt22a cpe:2.3:o:lenovo:ideacentre_aio_3-24iil5_firmware:o56kt22a:*:*:*:*:*:*:*
lenovo ideacentre_aio_3-24itl6_firmware o5akt31a cpe:2.3:o:lenovo:ideacentre_aio_3-24itl6_firmware:o5akt31a:*:*:*:*:*:*:*
lenovo ideacentre_aio_3-27alc6_firmware o5bkt24a cpe:2.3:o:lenovo:ideacentre_aio_3-27alc6_firmware:o5bkt24a:*:*:*:*:*:*:*
lenovo ideacentre_aio_3-27itl6_firmware o5akt31a cpe:2.3:o:lenovo:ideacentre_aio_3-27itl6_firmware:o5akt31a:*:*:*:*:*:*:*
lenovo ideacentre_g5-14imb05_firmware o4hkt3aa cpe:2.3:o:lenovo:ideacentre_g5-14imb05_firmware:o4hkt3aa:*:*:*:*:*:*:*
lenovo ideacentre_gaming_5_17acn7_firmware o5ekt23a cpe:2.3:o:lenovo:ideacentre_gaming_5_17acn7_firmware:o5ekt23a:*:*:*:*:*:*:*
lenovo ideacentre_gaming_5_17iab7_firmware m42kt40a cpe:2.3:o:lenovo:ideacentre_gaming_5_17iab7_firmware:m42kt40a:*:*:*:*:*:*:*
lenovo ideacentre_gaming_5-14acn6_firmware o5ekt23a cpe:2.3:o:lenovo:ideacentre_gaming_5-14acn6_firmware:o5ekt23a:*:*:*:*:*:*:*
lenovo ideacentre_gaming_5-14iob6_firmware m3gkt38a cpe:2.3:o:lenovo:ideacentre_gaming_5-14iob6_firmware:m3gkt38a:*:*:*:*:*:*:*
lenovo ideacentre_mini_5-01imh05_firmware o4ekt17a cpe:2.3:o:lenovo:ideacentre_mini_5-01imh05_firmware:o4ekt17a:*:*:*:*:*:*:*
lenovo legion_c530-19icb_firmware o4bkt21a cpe:2.3:o:lenovo:legion_c530-19icb_firmware:o4bkt21a:*:*:*:*:*:*:*
lenovo legion_t5-26iob6_firmware o54kt20a cpe:2.3:o:lenovo:legion_t5-26iob6_firmware:o54kt20a:*:*:*:*:*:*:*
lenovo legion_t5-28icb05_firmware o4bkt21a cpe:2.3:o:lenovo:legion_t5-28icb05_firmware:o4bkt21a:*:*:*:*:*:*:*
lenovo legion_t530-28apr_firmware o4gkt17a cpe:2.3:o:lenovo:legion_t530-28apr_firmware:o4gkt17a:*:*:*:*:*:*:*
lenovo legion_t530-28icb_firmware o4bkt21a cpe:2.3:o:lenovo:legion_t530-28icb_firmware:o4bkt21a:*:*:*:*:*:*:*
lenovo legion_t7-34imz5_firmware o4lkt1fa cpe:2.3:o:lenovo:legion_t7-34imz5_firmware:o4lkt1fa:*:*:*:*:*:*:*
lenovo legion_t7-34imz5_firmware o5fkt14a cpe:2.3:o:lenovo:legion_t7-34imz5_firmware:o5fkt14a:*:*:*:*:*:*:*
lenovo ideacentre_m60e_tiny_firmware m3skt21a cpe:2.3:o:lenovo:ideacentre_m60e_tiny_firmware:m3skt21a:*:*:*:*:*:*:*
lenovo ideacentre_m625q_firmware m1wkt46a cpe:2.3:o:lenovo:ideacentre_m625q_firmware:m1wkt46a:*:*:*:*:*:*:*
lenovo ideacentre_m630e_firmware m28kt39a cpe:2.3:o:lenovo:ideacentre_m630e_firmware:m28kt39a:*:*:*:*:*:*:*
lenovo ideacentre_m700_tiny_firmware fwktbfa cpe:2.3:o:lenovo:ideacentre_m700_tiny_firmware:fwktbfa:*:*:*:*:*:*:*
lenovo ideacentre_m70a_firmware m2skt26a cpe:2.3:o:lenovo:ideacentre_m70a_firmware:m2skt26a:*:*:*:*:*:*:*
lenovo ideacentre_m70a_gen_2_firmware m3nkt21a cpe:2.3:o:lenovo:ideacentre_m70a_gen_2_firmware:m3nkt21a:*:*:*:*:*:*:*
lenovo ideacentre_m70a_gen_3_firmware m4ekt18a cpe:2.3:o:lenovo:ideacentre_m70a_gen_3_firmware:m4ekt18a:*:*:*:*:*:*:*
lenovo ideacentre_m70c_firmware m2vkt1fa cpe:2.3:o:lenovo:ideacentre_m70c_firmware:m2vkt1fa:*:*:*:*:*:*:*
lenovo ideacentre_m70q_firmware m2wkt55a cpe:2.3:o:lenovo:ideacentre_m70q_firmware:m2wkt55a:*:*:*:*:*:*:*
lenovo ideacentre_m70q_gen_2_firmware m3jkt35a cpe:2.3:o:lenovo:ideacentre_m70q_gen_2_firmware:m3jkt35a:*:*:*:*:*:*:*
lenovo ideacentre_m70q_gen_3_firmware m43kt16a cpe:2.3:o:lenovo:ideacentre_m70q_gen_3_firmware:m43kt16a:*:*:*:*:*:*:*
lenovo ideacentre_m70s_firmware m2tkt50a cpe:2.3:o:lenovo:ideacentre_m70s_firmware:m2tkt50a:*:*:*:*:*:*:*
lenovo ideacentre_m70s_gen_3_firmware m41kt2da cpe:2.3:o:lenovo:ideacentre_m70s_gen_3_firmware:m41kt2da:*:*:*:*:*:*:*
lenovo ideacentre_m70t_firmware m2tkt50a cpe:2.3:o:lenovo:ideacentre_m70t_firmware:m2tkt50a:*:*:*:*:*:*:*
lenovo ideacentre_m70t_gen_3_firmware m41kt2da cpe:2.3:o:lenovo:ideacentre_m70t_gen_3_firmware:m41kt2da:*:*:*:*:*:*:*
lenovo ideacentre_m710e_firmware m1zkt39a cpe:2.3:o:lenovo:ideacentre_m710e_firmware:m1zkt39a:*:*:*:*:*:*:*
lenovo ideacentre_m710q_firmware m1akt56a cpe:2.3:o:lenovo:ideacentre_m710q_firmware:m1akt56a:*:*:*:*:*:*:*
lenovo ideacentre_m710s_firmware m16kt69a cpe:2.3:o:lenovo:ideacentre_m710s_firmware:m16kt69a:*:*:*:*:*:*:*
lenovo ideacentre_m710t_firmware m16kt69a cpe:2.3:o:lenovo:ideacentre_m710t_firmware:m16kt69a:*:*:*:*:*:*:*
lenovo ideacentre_m715q_2nd_gen_firmware m1xkt58a cpe:2.3:o:lenovo:ideacentre_m715q_2nd_gen_firmware:m1xkt58a:*:*:*:*:*:*:*
lenovo ideacentre_m715q_firmware m11kt55a cpe:2.3:o:lenovo:ideacentre_m715q_firmware:m11kt55a:*:*:*:*:*:*:*
lenovo ideacentre_m715s_firmware m2ckt4da cpe:2.3:o:lenovo:ideacentre_m715s_firmware:m2ckt4da:*:*:*:*:*:*:*
lenovo ideacentre_m715t_firmware m2ckt4da cpe:2.3:o:lenovo:ideacentre_m715t_firmware:m2ckt4da:*:*:*:*:*:*:*
lenovo ideacentre_m720e_firmware m30kt27a cpe:2.3:o:lenovo:ideacentre_m720e_firmware:m30kt27a:*:*:*:*:*:*:*
lenovo ideacentre_m720q_firmware m1ukt6ba cpe:2.3:o:lenovo:ideacentre_m720q_firmware:m1ukt6ba:*:*:*:*:*:*:*
lenovo ideacentre_m720s_firmware m1ukt6ba cpe:2.3:o:lenovo:ideacentre_m720s_firmware:m1ukt6ba:*:*:*:*:*:*:*
lenovo ideacentre_m720t_firmware m1ukt6ba cpe:2.3:o:lenovo:ideacentre_m720t_firmware:m1ukt6ba:*:*:*:*:*:*:*
lenovo ideacentre_m725s_firmware m25kt61a cpe:2.3:o:lenovo:ideacentre_m725s_firmware:m25kt61a:*:*:*:*:*:*:*
lenovo ideacentre_m75n_firmware m33kt26a cpe:2.3:o:lenovo:ideacentre_m75n_firmware:m33kt26a:*:*:*:*:*:*:*
lenovo ideacentre_m75q_gen_2_firmware m47kt24a cpe:2.3:o:lenovo:ideacentre_m75q_gen_2_firmware:m47kt24a:*:*:*:*:*:*:*
lenovo ideacentre_m75q-1_firmware m2fkt2ea cpe:2.3:o:lenovo:ideacentre_m75q-1_firmware:m2fkt2ea:*:*:*:*:*:*:*
lenovo ideacentre_m75s_gen_2_firmware m3akt44a cpe:2.3:o:lenovo:ideacentre_m75s_gen_2_firmware:m3akt44a:*:*:*:*:*:*:*
lenovo ideacentre_m75s_gen_2_firmware m3bkt2aa cpe:2.3:o:lenovo:ideacentre_m75s_gen_2_firmware:m3bkt2aa:*:*:*:*:*:*:*
lenovo ideacentre_m75s_gen_2_firmware m46kt2ba cpe:2.3:o:lenovo:ideacentre_m75s_gen_2_firmware:m46kt2ba:*:*:*:*:*:*:*
lenovo ideacentre_m75s-1_firmware m2ckt4da cpe:2.3:o:lenovo:ideacentre_m75s-1_firmware:m2ckt4da:*:*:*:*:*:*:*
lenovo ideacentre_m75t_gen_2_firmware m3akt44a cpe:2.3:o:lenovo:ideacentre_m75t_gen_2_firmware:m3akt44a:*:*:*:*:*:*:*
lenovo ideacentre_m75t_gen_2_firmware m3bkt2aa cpe:2.3:o:lenovo:ideacentre_m75t_gen_2_firmware:m3bkt2aa:*:*:*:*:*:*:*
lenovo ideacentre_m75t_gen_2_firmware m46kt2ba cpe:2.3:o:lenovo:ideacentre_m75t_gen_2_firmware:m46kt2ba:*:*:*:*:*:*:*
lenovo ideacentre_m800_firmware fwktbfa cpe:2.3:o:lenovo:ideacentre_m800_firmware:fwktbfa:*:*:*:*:*:*:*
lenovo ideacentre_m80q_firmware m2wkt55a cpe:2.3:o:lenovo:ideacentre_m80q_firmware:m2wkt55a:*:*:*:*:*:*:*
lenovo ideacentre_m80q_gen_3_firmware m4gkt1da cpe:2.3:o:lenovo:ideacentre_m80q_gen_3_firmware:m4gkt1da:*:*:*:*:*:*:*
lenovo ideacentre_m80s_firmware m2tkt50a cpe:2.3:o:lenovo:ideacentre_m80s_firmware:m2tkt50a:*:*:*:*:*:*:*
lenovo ideacentre_m80s_gen_3_firmware m40kt2da cpe:2.3:o:lenovo:ideacentre_m80s_gen_3_firmware:m40kt2da:*:*:*:*:*:*:*
lenovo ideacentre_m80t_firmware m2tkt50a cpe:2.3:o:lenovo:ideacentre_m80t_firmware:m2tkt50a:*:*:*:*:*:*:*
lenovo ideacentre_m80t_gen_3_firmware m40kt2da cpe:2.3:o:lenovo:ideacentre_m80t_gen_3_firmware:m40kt2da:*:*:*:*:*:*:*
lenovo ideacentre_m810z_all-in-one_firmware m1ckt50a cpe:2.3:o:lenovo:ideacentre_m810z_all-in-one_firmware:m1ckt50a:*:*:*:*:*:*:*
lenovo ideacentre_m818z_firmware m1ekt27a cpe:2.3:o:lenovo:ideacentre_m818z_firmware:m1ekt27a:*:*:*:*:*:*:*
lenovo ideacentre_m820z_all-in-one_firmware m1nkt59a cpe:2.3:o:lenovo:ideacentre_m820z_all-in-one_firmware:m1nkt59a:*:*:*:*:*:*:*
lenovo ideacentre_m900_firmware fwktbfa cpe:2.3:o:lenovo:ideacentre_m900_firmware:fwktbfa:*:*:*:*:*:*:*
lenovo ideacentre_m900x_firmware fwktbfa cpe:2.3:o:lenovo:ideacentre_m900x_firmware:fwktbfa:*:*:*:*:*:*:*

References for CVE-2022-40137

cvelogic Threat Intelligence