6.7
CVE-2023-4028
- EPSS 0.04%
- Published 17.08.2023 17:15:10
- Last modified 21.11.2024 08:34:15
- Source psirt@lenovo.com
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
Data is provided by the National Vulnerability Database (NVD)
Lenovo ≫ 13w Yoga Firmware Version < jacn38ww
Lenovo ≫ 13w Yoga Gen 2 Firmware Version < kbcn20ww
Lenovo ≫ Ideapad 1-11ada05 Firmware Version < fqcn29ww
Lenovo ≫ Ideapad 1-11igl05 Firmware Version < dwcn28ww
Lenovo ≫ Ideapad 1-14ada05 Firmware Version < fqcn29ww
Lenovo ≫ Ideapad 1-14igl05 Firmware Version < dwcn28ww
Lenovo ≫ Flex 5-14alc05 Firmware Version < gjcn32ww
Lenovo ≫ Flex 5-14are05 Firmware Version < eecn43ww
Lenovo ≫ Flex 5-14iil05 Firmware Version < eccn45ww
Lenovo ≫ Flex 5-14itl05 Firmware Version < fxcn44ww
Lenovo ≫ Flex 5-15alc05 Firmware Version < gjcn32ww
Lenovo ≫ Flex 5-15iil05 Firmware Version < eccn45ww
Lenovo ≫ Flex 5-15itl05 Firmware Version < fxcn44ww
Lenovo ≫ Ideapad Flex 5 14abr8 Firmware Version < l7cn17ww
Lenovo ≫ Ideapad Flex 5 14alc7 Firmware Version < jccn35ww
Lenovo ≫ Ideapad Flex 5 14iau7 Firmware Version < j7cn44ww
Lenovo ≫ Ideapad Flex 5 14iru8 Firmware Version < l6cn20ww
Lenovo ≫ Ideapad Flex 5 16abr8 Firmware Version < l7cn17ww
Lenovo ≫ Ideapad Flex 5 16alc7 Firmware Version < jccn35ww
Lenovo ≫ Ideapad Flex 5 16iau7 Firmware Version < j7cn44ww
Lenovo ≫ Ideapad Flex 5 16iru8 Firmware Version < l6cn20ww
Lenovo ≫ Flex 7 14iru8 Firmware Version < l6cn20ww
Lenovo ≫ Thinkbook 13s G2 Are Firmware Version < fvcn28ww
Lenovo ≫ Thinkbook 13s G2 Itl Firmware Version < f9cn57ww
Lenovo ≫ Thinkbook 13s G3 Acn Firmware Version < gmcn35ww
Lenovo ≫ Thinkbook 13s G4 Iap Firmware Version < hwcn49ww
Lenovo ≫ Thinkbook 13x G2 Iap Firmware Version < hxcn54ww
Lenovo ≫ Thinkbook 14s G2 Itl Firmware Version < f9cn57ww
Lenovo ≫ Yoga 9-15imh5 Firmware Version < epcn32ww
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.04% | 0.102 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.7 | 0.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
psirt@lenovo.com | 6.7 | 0.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.