6.7

CVE-2024-3100

A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerlenovo
Produkt ideapad_1-11igl05_firmware
Default Statusunaffected
Version < dwcn31ww
Version 0
Status affected
Herstellerlenovo
Produkt flex_5-14itl05_firmware
Default Statusunaffected
Version < fxcn47ww
Version 0
Status affected
Herstellerlenovo
Produkt 100w_gen_3_firmware
Default Statusunaffected
Version < gacn48ww
Version 0
Status affected
Herstellerlenovo
Produkt yoga_slim_7_pro-14ach5_o_firmware
Default Statusunaffected
Version < gzcn36ww
Version 0
Status affected
Herstellerlenovo
Produkt 14w_gen_2_firmware
Default Statusunaffected
Version < h0cn29ww
Version 0
Status affected
Herstellerlenovo
Produkt ideapad_5-15alc05_firmware
Default Statusunaffected
Version < h2cn35ww
Version 0
Status affected
Herstellerlenovo
Produkt thinkbook_13s_g4_iap_firmware
Default Statusunaffected
Version < hwcn52ww
Version 0
Status affected
Herstellerlenovo
Produkt thinkbook_13x_g2_iap_firmware
Default Statusunaffected
Version < hxcn57ww
Version 0
Status affected
Herstellerlenovo
Produkt thinkbook_13s_g4_arb_firmware
Default Statusunaffected
Version < hzcx55ww
Version 0
Status affected
Herstellerlenovo
Produkt ideapad_flex_5_16iau7_firmware
Default Statusunaffected
Version < j7cn48ww
Version 0
Status affected
Herstellerlenovo
Produkt 13w_yoga_firmware
Default Statusunaffected
Version < jacn41ww
Version 0
Status affected
Herstellerlenovo
Produkt ideapad_flex_5_14alc7_firmware
Default Statusunaffected
Version < jccn40ww
Version 0
Status affected
Herstellerlenovo
Produkt ideapad_1_15alc7_firmware
Default Statusunaffected
Version < jtcn54ww
Version 0
Status affected
Herstellerlenovo
Produkt 13w_yoga_gen_2_firmware
Default Statusunaffected
Version < kbcn29ww
Version 0
Status affected
Herstellerlenovo
Produkt ideapad_slim_3_15amn8_firmware
Default Statusunaffected
Version < l1cn41ww
Version 0
Status affected
Herstellerlenovo
Produkt 500w_yoga_gen_4_firmware
Default Statusunaffected
Version < l2cn34ww
Version 0
Status affected
Version < l3cn34ww
Version 0
Status affected
Herstellerlenovo
Produkt ideapad_flex_5_16iru8_firmware
Default Statusunaffected
Version < l6cn24ww
Version 0
Status affected
Herstellerlenovo
Produkt ideapad_flex_5_16abr8_firmware
Default Statusunaffected
Version < l7cn21ww
Version 0
Status affected
Herstellerlenovo
Produkt k14_g2_iru_firmware
Default Statusunaffected
Version < mmcn36ww
Version 0
Status affected
Herstellerlenovo
Produkt thinkbook_16_g6_abp_firmware
Default Statusunaffected
Version < mncn27ww
Version 0
Status affected
Herstellerlenovo
Produkt v15_g4_abp_firmware
Default Statusunaffected
Version < mscn16ww
Version 0
Status affected
Herstellerlenovo
Produkt ideapad_3-17alc6_firmware
Default Statusunaffected
Version < glcn63ww
Version 0
Status affected
Herstellerlenovo
Produkt ideapad_slim_3_16abr8_firmware
Default Statusunaffected
Version < kycn32ww
Version 0
Status affected
Herstellerlenovo
Produkt ideapad_slim_5_light_14abr8_firmware
Default Statusunaffected
Version < l9cn26ww
Version 0
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.101
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@lenovo.com 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).