CVE-2022-3431 (d330-10igl_firmware, ideapad_5_pro-16ach6_firmware, ideapad_5_pro-16ihu6_firmware, ideapad_5_pro_16arh7_firmware, ideapad_creator_5-16ach6_firmware, ideapad_duet_3_10igl5_firmware, ideapad_slim_7_pro_16ach6_firmware, s540-15iml_firmwar

A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

attacker boot consumer cve devices driver lenovo manufacturing may notebook nvram privileges process secure boot variable vulnerability