CVE-2023-4029

EPSS 0.04%
Veröffentlicht 17.08.2023 17:15:10
Zuletzt bearbeitet 21.11.2024 08:34:15
Quelle psirt@lenovo.com
Teams Watchlist Login
Unerledigt Login

A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lenovo ≫ K14 Type 21cu Firmware Version < 1.12

Lenovo ≫ K14 Type 21cu Version-

Lenovo ≫ K14 Type 21cv Firmware Version < 1.12

Lenovo ≫ K14 Type 21cv Version-

Lenovo ≫ Thinkpad S2 Yoga Gen 8 Firmware Version < 1.10

Lenovo ≫ Thinkpad S2 Yoga Gen 8 Version-

Lenovo ≫ Thinkpad E14 Gen 3 Firmware Version < 1.15

Lenovo ≫ Thinkpad E14 Gen 3 Version-

Lenovo ≫ Thinkpad E15 Gen 3 Firmware Version < 1.15

Lenovo ≫ Thinkpad E15 Gen 3 Version-

Lenovo ≫ Thinkpad L13 Gen 2 Firmware Version < 1.30

Lenovo ≫ Thinkpad L13 Gen 2 Version-

Lenovo ≫ Thinkpad L13 Gen 3 Firmware Version < 1.19

Lenovo ≫ Thinkpad L13 Gen 3 Version-

Lenovo ≫ Thinkpad L13 Gen 4 Firmware Version < 1.10

Lenovo ≫ Thinkpad L13 Gen 4 Version-

Lenovo ≫ Thinkpad L13 Yoga Gen 4 Firmware Version < 1.10

Lenovo ≫ Thinkpad L13 Yoga Gen 4 Version-

Lenovo ≫ Thinkpad L13 Yoga Gen 2 Firmware Version < 1.30

Lenovo ≫ Thinkpad L13 Yoga Gen 2 Version-

Lenovo ≫ Thinkpad L13 Yoga Gen 3 Firmware Version < 1.19

Lenovo ≫ Thinkpad L13 Yoga Gen 3 Version-

Lenovo ≫ Thinkpad L14 Gen 2 Firmware Version < 1.28

Lenovo ≫ Thinkpad L14 Gen 2 Version-

Lenovo ≫ Thinkpad L14 Gen 3 Firmware Version < 1.23

Lenovo ≫ Thinkpad L14 Gen 3 Version-

Lenovo ≫ Thinkpad L14 Gen 4 Firmware Version < 1.06

Lenovo ≫ Thinkpad L14 Gen 4 Version-

Lenovo ≫ Thinkpad L15 Gen 2 Firmware Version < 1.28

Lenovo ≫ Thinkpad L15 Gen 2 Version-

Lenovo ≫ Thinkpad L15 Gen 3 Firmware Version < 1.23

Lenovo ≫ Thinkpad L15 Gen 3 Version-

Lenovo ≫ Thinkpad L15 Gen 4 Firmware Version < 1.06

Lenovo ≫ Thinkpad L15 Gen 4 Version-

Lenovo ≫ Thinkpad P14s Gen 2 Firmware Version < 1.34

Lenovo ≫ Thinkpad P14s Gen 2 Version-

Lenovo ≫ Thinkpad T14 Gen 2 Firmware Version < 1.34

Lenovo ≫ Thinkpad T14 Gen 2 Version-

Lenovo ≫ Thinkpad T14s Gen 2 Firmware Version < 1.37

Lenovo ≫ Thinkpad T14s Gen 2 Version-

Lenovo ≫ Thinkpad S2 Gen 6 Firmware Version < 1.30

Lenovo ≫ Thinkpad S2 Gen 6 Version-

Lenovo ≫ Thinkpad S2 Gen 7 Firmware Version < 1.19

Lenovo ≫ Thinkpad S2 Gen 7 Version-

Lenovo ≫ Thinkpad S2 Gen 8 Firmware Version < 1.10

Lenovo ≫ Thinkpad S2 Gen 8 Version-

Lenovo ≫ Thinkpad S2 Yoga Gen 6 Firmware Version < 1.30

Lenovo ≫ Thinkpad S2 Yoga Gen 6 Version-

Lenovo ≫ Thinkpad S2 Yoga Gen 7 Firmware Version < 1.19

Lenovo ≫ Thinkpad S2 Yoga Gen 7 Version-

Lenovo ≫ Thinkpad X13 Gen 2 Firmware Version < 1.37

Lenovo ≫ Thinkpad X13 Gen 2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.102

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
psirt@lenovo.com	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://support.lenovo.com/us/en/product_security/LEN-134879

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-4029

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4029

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4029

EUVD