A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances, which could allow unauthorized access.
Understanding CVE-2022-3728
This advisory covers CVE-2022-3728, a vulnerability affecting the BIOS of the Lenovo ThinkPad T14s Gen 3 and ThinkPad X13 Gen3.
What is CVE-2022-3728?
The vulnerability could lead to the BIOS tamper detection mechanism failing to trigger under certain conditions, potentially enabling unauthorized access to the affected systems.
The Impact of CVE-2022-3728
This vulnerability is rated MEDIUM severity, with a CVSS base score of 6.1. Its availability and integrity impacts are both rated high, and exploitation requires no special privileges and no user interaction.
Technical Details of CVE-2022-3728
Vulnerability Description
The vulnerability involves improper physical access control, allowing unauthorized access due to the failure of the BIOS tamper detection mechanism.
Affected Systems and Versions
Exploitation Mechanism
The vulnerability can be exploited through physical access to the affected systems under specific conditions, bypassing the BIOS tamper detection.
Mitigation and Prevention
Immediate Steps to Take
To mitigate the CVE-2022-3728 vulnerability, users are advised to update their system firmware to version 1.30 (R22ET60W) or newer.
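To check a machine or an inventory export against the fixed firmware named above, the following script is an added example, not Lenovo's tooling or code from the original advisory. It assumes the BIOS version string has the form `R22ET60W (1.30 )`, as read from `/sys/class/dmi/id/bios_version` on Linux; the function name `classify_bios` and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Lenovo's tooling): classify a ThinkPad BIOS version string
# against the fixed release named on this page, 1.30 (R22ET60W).
# Assumption: the DMI string looks like "R22ET60W (1.30 )".

FIXED_FAMILY="R22ET"    # BIOS ID prefix of the fixed build R22ET60W
FIXED_MAJOR=1
FIXED_MINOR=30

# classify_bios "<bios_version string>"
# Prints one of: patched | vulnerable | other-family | unparseable
classify_bios() {
    raw=$1
    case $raw in
        "$FIXED_FAMILY"*) ;;                    # same BIOS family as the fix
        *) echo "other-family"; return 0 ;;     # page gives no fixed version for it
    esac
    # Extract "1 30" from "(1.30 )"; empty when the pattern is missing.
    ver=$(printf '%s\n' "$raw" |
        sed -n 's/.*(\([0-9][0-9]*\)\.\([0-9][0-9]*\) *).*/\1 \2/p')
    if [ -z "$ver" ]; then echo "unparseable"; return 0; fi
    major=${ver% *}
    minor=${ver#* }
    if [ "$major" -gt "$FIXED_MAJOR" ] ||
       { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -ge "$FIXED_MINOR" ]; }; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Constructed sample strings (not taken from real machines).
for sample in "R22ET59W (1.29 )" "R22ET60W (1.30 )" "R22ET61W (1.31 )" \
              "ZZZET00W (1.50 )" "R22ET60W"; do
    printf '%-20s %s\n' "$sample" "$(classify_bios "$sample")"
done

# On a Linux host, also classify the running firmware.
dmi=/sys/class/dmi/id/bios_version
if [ -r "$dmi" ]; then
    printf 'this host: %s -> %s\n' "$(cat "$dmi")" "$(classify_bios "$(cat "$dmi")")"
fi
```

A result of `other-family` means the BIOS ID does not share the `R22ET` prefix, so the version threshold on this page does not apply to it and the vendor advisory has to be consulted for that model.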
Long-Term Security Practices
In addition to immediate updates, organizations should implement strict physical security measures to prevent unauthorized access to critical systems in the long term.
Patching and Updates
Regularly check for firmware updates provided by Lenovo and promptly apply them to ensure system security.