CVE-2023-43578

EPSS 0.04%
Published 08.11.2023 23:15:10
Last modified 21.11.2024 08:24:25
Source psirt@lenovo.com
Teams watchlist Login
Open Login

A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Lenovo ≫ Ideacentre C5-14imb05 Firmware Version < o4hkt3ca

Lenovo ≫ Ideacentre C5-14imb05 Version-

Lenovo ≫ Ideacentre 3-07ada05 Firmware Version < o4fkt39a

Lenovo ≫ Ideacentre 3-07ada05 Version-

Lenovo ≫ Ideacentre 3-07imb05 Firmware Version < m2vkt21a

Lenovo ≫ Ideacentre 3-07imb05 Version-

Lenovo ≫ Ideacentre 5 14iab7 Firmware Version < m42kt46a

Lenovo ≫ Ideacentre 5 14iab7 Version-

Lenovo ≫ Ideacentre 5 14irb8 Firmware Version < m4ukt36a

Lenovo ≫ Ideacentre 5 14irb8 Version-

Lenovo ≫ Ideacentre 5-14acn6 Firmware Version-

Lenovo ≫ Ideacentre 5-14acn6 Version-

Lenovo ≫ Ideacentre T540-15ama G Firmware Version-

Lenovo ≫ Ideacentre T540-15ama G Version-

Lenovo ≫ Thinkcentre Neo 70t Gen 3 Firmware Version < m40kt45a

Lenovo ≫ Thinkcentre Neo 70t Gen 3 Version-

Lenovo ≫ Thinkcentre Neo 50t Gen 3 Firmware Version < m42kt46a

Lenovo ≫ Thinkcentre Neo 50t Gen 3 Version-

Lenovo ≫ Thinkcentre Neo 50a 24 Gen 4 Firmware Version < o5xkt18a

Lenovo ≫ Thinkcentre Neo 50a 24 Gen 4 Version-

Lenovo ≫ Thinkcentre Neo 50a 24 Gen 3 Firmware Version < o5rkt41a

Lenovo ≫ Thinkcentre Neo 50a 24 Gen 3 Version-

Lenovo ≫ Thinkcentre Neo 30a 27 Gen 4 Firmware Version < o5nkt33a

Lenovo ≫ Thinkcentre Neo 30a 27 Gen 4 Version-

Lenovo ≫ Thinkcentre Neo 30a 27 Gen 4 Firmware Versiono5nkt33a

Lenovo ≫ Thinkcentre Neo 30a 27 Gen 4 Version-

Lenovo ≫ Thinkcentre Neo 30a 27 Gen 3 Firmware Version < o5nkt33a

Lenovo ≫ Thinkcentre Neo 30a 27 Gen 3 Version-

Lenovo ≫ Thinkcentre Neo 30a 24 Gen 4 Firmware Version < o5nkt33a

Lenovo ≫ Thinkcentre Neo 30a 24 Gen 4 Version-

Lenovo ≫ Thinkcentre Neo 30a 24 Gen 3 Firmware Version < o5nkt33a

Lenovo ≫ Thinkcentre Neo 30a 24 Gen 3 Version-

Lenovo ≫ Thinkcentre Neo 30a 22 Gen 4 Firmware Version < o5nkt33a

Lenovo ≫ Thinkcentre Neo 30a 22 Gen 4 Version-

Lenovo ≫ Thinkcentre Neo 30a 22 Gen 3 Firmware Version < o5nkt33a

Lenovo ≫ Thinkcentre Neo 30a 22 Gen 3 Version-

Lenovo ≫ Thinkcentre M920z All-in-one Firmware Version < m1mkt56a

Lenovo ≫ Thinkcentre M920z All-in-one Version-

Lenovo ≫ Thinkcentre M90t Gen 3 Firmware Version < m40kt45a

Lenovo ≫ Thinkcentre M90t Gen 3 Version-

Lenovo ≫ Thinkcentre M90t Firmware Version < m2tkt55a

Lenovo ≫ Thinkcentre M90t Version-

Lenovo ≫ Thinkcentre M90s Gen 3 Firmware Version < m40kt45a

Lenovo ≫ Thinkcentre M90s Gen 3 Version-

Lenovo ≫ Thinkcentre M90s Firmware Version < m2tkt55a

Lenovo ≫ Thinkcentre M90s Version-

Lenovo ≫ Thinkcentre M90q Tiny Firmware Version-

Lenovo ≫ Thinkcentre M90q Tiny Version-

Lenovo ≫ Thinkcentre M90q Gen 3 Firmware Version-

Lenovo ≫ Thinkcentre M90q Gen 3 Version-

Lenovo ≫ Thinkcentre M90q Gen 2 Firmware Version-

Lenovo ≫ Thinkcentre M90q Gen 2 Version-

Lenovo ≫ Thinkcentre M90a Pro Gen 3 Firmware Version < m4hkt1da

Lenovo ≫ Thinkcentre M90a Pro Gen 3 Version-

Lenovo ≫ Thinkcentre M90a Gen 3 Firmware Version < m4ikt1da

Lenovo ≫ Thinkcentre M90a Gen 3 Version-

Lenovo ≫ Thinkcentre M90a Gen 2 Firmware Version < m3lkt2aa

Lenovo ≫ Thinkcentre M90a Gen 2 Version-

Lenovo ≫ Thinkcentre M90a Firmware Version < m2rkt57a

Lenovo ≫ Thinkcentre M90a Version-

Lenovo ≫ Thinkcentre M80t Gen 3 Firmware Version < m40kt45a

Lenovo ≫ Thinkcentre M80t Gen 3 Version-

Lenovo ≫ Thinkcentre M80t Firmware Version < m2tkt55a

Lenovo ≫ Thinkcentre M80t Version-

Lenovo ≫ Thinkcentre M80s Gen 3 Firmware Version < m40kt45a

Lenovo ≫ Thinkcentre M80s Gen 3 Version-

Lenovo ≫ Thinkcentre M80s Firmware Version < m2tkt55a

Lenovo ≫ Thinkcentre M80s Version-

Lenovo ≫ Thinkcentre M80q Gen 3 Firmware Version-

Lenovo ≫ Thinkcentre M80q Gen 3 Version-

Lenovo ≫ Thinkcentre M80q Firmware Version-

Lenovo ≫ Thinkcentre M80q Version-

Lenovo ≫ Thinkcentre M75t Gen 2 Firmware Version-

Lenovo ≫ Thinkcentre M75t Gen 2 Version-

Lenovo ≫ Thinkcentre M75s Gen 2 Firmware Version-

Lenovo ≫ Thinkcentre M75s Gen 2 Version-

Lenovo ≫ Thinkcentre M75q Gen 2 Firmware Version-

Lenovo ≫ Thinkcentre M75q Gen 2 Version-

Lenovo ≫ Thinkcentre M75n Firmware Version < m33kt29a

Lenovo ≫ Thinkcentre M75n Version-

Lenovo ≫ Thinkcentre M70t Gen 3 Firmware Version < m41kt45a

Lenovo ≫ Thinkcentre M70t Gen 3 Version-

Lenovo ≫ Thinkcentre M70t Firmware Version < m2tkt55a

Lenovo ≫ Thinkcentre M70t Version-

Lenovo ≫ Thinkcentre M70s Gen 3 Firmware Version < m41kt45a

Lenovo ≫ Thinkcentre M70s Gen 3 Version-

Lenovo ≫ Thinkcentre M70s Firmware Version < m2tkt55a

Lenovo ≫ Thinkcentre M70s Version-

Lenovo ≫ Thinkcentre M70q Gen 2 Firmware Version-

Lenovo ≫ Thinkcentre M70q Gen 2 Version-

Lenovo ≫ Thinkcentre M70q Firmware Version-

Lenovo ≫ Thinkcentre M70q Version-

Lenovo ≫ Thinkcentre M70c Firmware Version < m2vkt21a

Lenovo ≫ Thinkcentre M70c Version-

Lenovo ≫ Thinkcentre M70a Gen 3 Firmware Version-

Lenovo ≫ Thinkcentre M70a Gen 3 Version-

Lenovo ≫ Thinkcentre M630e Firmware Version < m28kt42a

Lenovo ≫ Thinkcentre M630e Version-

Lenovo ≫ Thinkcentre M625q Firmware Version-

Lenovo ≫ Thinkcentre M625q Version-

Lenovo ≫ Loq 17irb8 Firmware Version < m4ukt36a

Lenovo ≫ Loq 17irb8 Version-

Lenovo ≫ Legion T5 26iab7 Firmware Version < o5lkt2ba

Lenovo ≫ Legion T5 26iab7 Version-

Lenovo ≫ Legion T7-34imz5 Firmware Version < o5fkt17a

Lenovo ≫ Legion T7-34imz5 Version-

Lenovo ≫ Legion T7-34iaz7 Firmware Version < o5hkt2ca

Lenovo ≫ Legion T7-34iaz7 Version-

Lenovo ≫ Legion T7 34irz8 Firmware Version < o5ukt1fa

Lenovo ≫ Legion T7 34irz8 Version-

Lenovo ≫ Legion T5 26irb8 Firmware Version < o5tkt1ca

Lenovo ≫ Legion T5 26irb8 Version-

Lenovo ≫ Ideacentre Mini 5-01imh05 Firmware Version-

Lenovo ≫ Ideacentre Mini 5-01imh05 Version-

Lenovo ≫ Ideacentre Mini 5 01iaq7 Firmware Version < o53kt10a

Lenovo ≫ Ideacentre Mini 5 01iaq7 Version-

Lenovo ≫ Ideacentre Gaming 5-14iob6 Firmware Version < m3gkt3da

Lenovo ≫ Ideacentre Gaming 5-14iob6 Version-

Lenovo ≫ Ideacentre Gaming 5-14acn6 Firmware Version-

Lenovo ≫ Ideacentre Gaming 5-14acn6 Version-

Lenovo ≫ Ideacentre Gaming 5 17iab7 Firmware Version < m42kt46a

Lenovo ≫ Ideacentre Gaming 5 17iab7 Version-

Lenovo ≫ Ideacentre Gaming 5 17acn7 Firmware Version-

Lenovo ≫ Ideacentre Gaming 5 17acn7 Version-

Lenovo ≫ Ideacentre G5-14imb05 Firmware Version < o4hkt3ca

Lenovo ≫ Ideacentre G5-14imb05 Version-

Lenovo ≫ Ideacentre G5-14amr05 Firmware Version < o4zkt2ba

Lenovo ≫ Ideacentre G5-14amr05 Version-

Lenovo ≫ Ideacentre Creator 5-14iob6 Firmware Version < m3gkt3da

Lenovo ≫ Ideacentre Creator 5-14iob6 Version-

Lenovo ≫ Ideacentre Aio 5 27iah7 Firmware Version < o5rkt41a

Lenovo ≫ Ideacentre Aio 5 27iah7 Version-

Lenovo ≫ Ideacentre Aio 5 24iah7 Firmware Version < o5rkt41a

Lenovo ≫ Ideacentre Aio 5 24iah7 Version-

Lenovo ≫ Ideacentre Aio 3-27itl6 Firmware Version < o5akt34a

Lenovo ≫ Ideacentre Aio 3-27itl6 Version-

Lenovo ≫ Ideacentre Aio 3-27imb05 Firmware Version < o4rkt31a

Lenovo ≫ Ideacentre Aio 3-27imb05 Version-

Lenovo ≫ Ideacentre Aio 3-24itl6 Firmware Version < o5akt34a

Lenovo ≫ Ideacentre Aio 3-24itl6 Version-

Lenovo ≫ Ideacentre Aio 3-24imb05 Firmware Version < o4rkt31a

Lenovo ≫ Ideacentre Aio 3-24imb05 Version-

Lenovo ≫ Ideacentre Aio 3-24iil5 Firmware Version < o56kt24a

Lenovo ≫ Ideacentre Aio 3-24iil5 Version-

Lenovo ≫ Ideacentre Aio 3-24alc6 Firmware Version < o5bkt25a

Lenovo ≫ Ideacentre Aio 3-24alc6 Version-

Lenovo ≫ Ideacentre Aio 3-22itl6 Firmware Version < o5akt34a

Lenovo ≫ Ideacentre Aio 3-22itl6 Version-

Lenovo ≫ Ideacentre Aio 3-22imb05 Firmware Version < o4rkt31a

Lenovo ≫ Ideacentre Aio 3-22imb05 Version-

Lenovo ≫ Ideacentre Aio 3-22iil5 Firmware Version < o56kt24a

Lenovo ≫ Ideacentre Aio 3-22iil5 Version-

Lenovo ≫ Ideacentre Aio 3 27iap7 Firmware Version < o5nkt33a

Lenovo ≫ Ideacentre Aio 3 27iap7 Version-

Lenovo ≫ Ideacentre Aio 3 24iap7 Firmware Version < o5nkt33a

Lenovo ≫ Ideacentre Aio 3 24iap7 Version-

Lenovo ≫ Ideacentre Aio 3 22iap7 Firmware Version < o5nkt33a

Lenovo ≫ Ideacentre Aio 3 22iap7 Version-

Lenovo ≫ Ideacentre Aio 3 21itl7 Firmware Version < o5akt34a

Lenovo ≫ Ideacentre Aio 3 21itl7 Version-

Lenovo ≫ Ideacentre 5-14iob6 Firmware Version < m3gkt3da

Lenovo ≫ Ideacentre 5-14iob6 Version-

Lenovo ≫ Ideacentre 5-14imb05 Firmware Version < o4hkt3ca

Lenovo ≫ Ideacentre 5-14imb05 Version-

Lenovo ≫ V30a-22iml Firmware Version < m37kt31a

Lenovo ≫ V30a-22iml Version-

Lenovo ≫ V30a-22itl Firmware Version < o5akt34a

Lenovo ≫ V30a-22itl Version-

Lenovo ≫ V30a-24iml Firmware Version < m37kt31a

Lenovo ≫ V30a-24iml Version-

Lenovo ≫ V30a-24itl Firmware Version < o5akt34a

Lenovo ≫ V30a-24itl Version-

Lenovo ≫ V50a-22imb Firmware Version < m36kt32a

Lenovo ≫ V50a-22imb Version-

Lenovo ≫ V50a-24imb Firmware Version < m36kt32a

Lenovo ≫ V50a-24imb Version-

Lenovo ≫ V50s-07imb Firmware Version < m2vkt21a

Lenovo ≫ V50s-07imb Version-

Lenovo ≫ V50t-13imb Firmware Version < o4hkt3ca

Lenovo ≫ V50t-13imb Version-

Lenovo ≫ V50t-13imh Firmware Version < m4pkt16a

Lenovo ≫ V50t-13imh Version-

Lenovo ≫ V50t-13iob Firmware Version < m3gkt3da

Lenovo ≫ V50t-13iob Version-

Lenovo ≫ V55t Gen 2 13acn Firmware Version < o5jkt2ca

Lenovo ≫ V55t Gen 2 13acn Version-

Lenovo ≫ Yoga Aio 7 27arh7 Firmware Version-

Lenovo ≫ Yoga Aio 7 27arh7 Version-

Lenovo ≫ Yoga Aio 7-27arh6 Firmware Version-

Lenovo ≫ Yoga Aio 7-27arh6 Version-

Lenovo ≫ Thinkedge Se30 Firmware Version-

Lenovo ≫ Thinkedge Se30 Version-

Lenovo ≫ Thinkstation P920 Workstation Firmware Version-

Lenovo ≫ Thinkstation P920 Workstation Version-

Lenovo ≫ Thinkstation P720 Workstation Firmware Version-

Lenovo ≫ Thinkstation P720 Workstation Version-

Lenovo ≫ Thinkstation P520c Workstation Firmware Version-

Lenovo ≫ Thinkstation P520c Workstation Version-

Lenovo ≫ Thinkstation P520 Workstation Firmware Version-

Lenovo ≫ Thinkstation P520 Workstation Version-

Lenovo ≫ Thinkstation P360 Workstation Firmware Version-

Lenovo ≫ Thinkstation P360 Workstation Version-

Lenovo ≫ Thinkstation P360 Workstation Firmware Version < s0ekt45a

Lenovo ≫ Thinkstation P360 Workstation Version-

Lenovo ≫ Thinkstation P360 Ultra Workstation Firmware Version-

Lenovo ≫ Thinkstation P360 Ultra Workstation Version-

Lenovo ≫ Thinkstation P360 Tiny Workstation Firmware Version-

Lenovo ≫ Thinkstation P360 Tiny Workstation Version-

Lenovo ≫ Thinkstation P358 Workstation Firmware Version < s0hkt23a

Lenovo ≫ Thinkstation P358 Workstation Version-

Lenovo ≫ Thinkstation P350 Workstation Firmware Version-

Lenovo ≫ Thinkstation P350 Workstation Version-

Lenovo ≫ Thinkstation P350 Tiny Workstation Firmware Version-

Lenovo ≫ Thinkstation P350 Tiny Workstation Version-

Lenovo ≫ Thinkstation P348 Workstation Firmware Version-

Lenovo ≫ Thinkstation P348 Workstation Version-

Lenovo ≫ Thinkstation P340 Workstation Firmware Version < s08kt55a

Lenovo ≫ Thinkstation P340 Workstation Version-

Lenovo ≫ Thinkstation P340 Tiny Workstation Firmware Version-

Lenovo ≫ Thinkstation P340 Tiny Workstation Version-

Lenovo ≫ Thinkstation P330 Workstation 2nd Gen Firmware Version < m1vkt73a

Lenovo ≫ Thinkstation P330 Workstation 2nd Gen Version-

Lenovo ≫ Thinkstation P330 Workstation Firmware Version < m1vkt73a

Lenovo ≫ Thinkstation P330 Workstation Version-

Lenovo ≫ Thinkstation P320 Workstation Firmware Version-

Lenovo ≫ Thinkstation P320 Workstation Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.102

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
psirt@lenovo.com	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://support.lenovo.com/us/en/product_security/LEN-141775

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-43578

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-43578

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-43578

EUVD