CVE-2023-4029

EPSS 0.04%
Published 17.08.2023 17:15:10
Last modified 21.11.2024 08:34:15
Source psirt@lenovo.com
Teams watchlist Login
Open Login

A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Lenovo ≫ K14 Type 21cu Firmware Version < 1.12

Lenovo ≫ K14 Type 21cu Version-

Lenovo ≫ K14 Type 21cv Firmware Version < 1.12

Lenovo ≫ K14 Type 21cv Version-

Lenovo ≫ Thinkpad S2 Yoga Gen 8 Firmware Version < 1.10

Lenovo ≫ Thinkpad S2 Yoga Gen 8 Version-

Lenovo ≫ Thinkpad E14 Gen 3 Firmware Version < 1.15

Lenovo ≫ Thinkpad E14 Gen 3 Version-

Lenovo ≫ Thinkpad E15 Gen 3 Firmware Version < 1.15

Lenovo ≫ Thinkpad E15 Gen 3 Version-

Lenovo ≫ Thinkpad L13 Gen 2 Firmware Version < 1.30

Lenovo ≫ Thinkpad L13 Gen 2 Version-

Lenovo ≫ Thinkpad L13 Gen 3 Firmware Version < 1.19

Lenovo ≫ Thinkpad L13 Gen 3 Version-

Lenovo ≫ Thinkpad L13 Gen 4 Firmware Version < 1.10

Lenovo ≫ Thinkpad L13 Gen 4 Version-

Lenovo ≫ Thinkpad L13 Yoga Gen 4 Firmware Version < 1.10

Lenovo ≫ Thinkpad L13 Yoga Gen 4 Version-

Lenovo ≫ Thinkpad L13 Yoga Gen 2 Firmware Version < 1.30

Lenovo ≫ Thinkpad L13 Yoga Gen 2 Version-

Lenovo ≫ Thinkpad L13 Yoga Gen 3 Firmware Version < 1.19

Lenovo ≫ Thinkpad L13 Yoga Gen 3 Version-

Lenovo ≫ Thinkpad L14 Gen 2 Firmware Version < 1.28

Lenovo ≫ Thinkpad L14 Gen 2 Version-

Lenovo ≫ Thinkpad L14 Gen 3 Firmware Version < 1.23

Lenovo ≫ Thinkpad L14 Gen 3 Version-

Lenovo ≫ Thinkpad L14 Gen 4 Firmware Version < 1.06

Lenovo ≫ Thinkpad L14 Gen 4 Version-

Lenovo ≫ Thinkpad L15 Gen 2 Firmware Version < 1.28

Lenovo ≫ Thinkpad L15 Gen 2 Version-

Lenovo ≫ Thinkpad L15 Gen 3 Firmware Version < 1.23

Lenovo ≫ Thinkpad L15 Gen 3 Version-

Lenovo ≫ Thinkpad L15 Gen 4 Firmware Version < 1.06

Lenovo ≫ Thinkpad L15 Gen 4 Version-

Lenovo ≫ Thinkpad P14s Gen 2 Firmware Version < 1.34

Lenovo ≫ Thinkpad P14s Gen 2 Version-

Lenovo ≫ Thinkpad T14 Gen 2 Firmware Version < 1.34

Lenovo ≫ Thinkpad T14 Gen 2 Version-

Lenovo ≫ Thinkpad T14s Gen 2 Firmware Version < 1.37

Lenovo ≫ Thinkpad T14s Gen 2 Version-

Lenovo ≫ Thinkpad S2 Gen 6 Firmware Version < 1.30

Lenovo ≫ Thinkpad S2 Gen 6 Version-

Lenovo ≫ Thinkpad S2 Gen 7 Firmware Version < 1.19

Lenovo ≫ Thinkpad S2 Gen 7 Version-

Lenovo ≫ Thinkpad S2 Gen 8 Firmware Version < 1.10

Lenovo ≫ Thinkpad S2 Gen 8 Version-

Lenovo ≫ Thinkpad S2 Yoga Gen 6 Firmware Version < 1.30

Lenovo ≫ Thinkpad S2 Yoga Gen 6 Version-

Lenovo ≫ Thinkpad S2 Yoga Gen 7 Firmware Version < 1.19

Lenovo ≫ Thinkpad S2 Yoga Gen 7 Version-

Lenovo ≫ Thinkpad X13 Gen 2 Firmware Version < 1.37

Lenovo ≫ Thinkpad X13 Gen 2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.102

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
psirt@lenovo.com	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://support.lenovo.com/us/en/product_security/LEN-134879

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-4029

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4029

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4029

EUVD