Action not permitted
Modal body text goes here.
wid-sec-w-2023-2865
Vulnerability from csaf_certbund
Published
2023-11-08 23:00
Modified
2023-11-08 23:00
Summary
Lenovo BIOS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das BIOS ist die Firmware bei IBM PC kompatiblen Computern.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen im Lenovo BIOS ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, Dateien zu manipulieren oder Informationen offenzulegen.
Betroffene Betriebssysteme
- BIOS/Firmware
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Das BIOS ist die Firmware bei IBM PC kompatiblen Computern.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Lenovo BIOS ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- BIOS/Firmware", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2865 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2865.json" }, { "category": "self", "summary": "WID-SEC-2023-2865 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2865" }, { "category": "external", "summary": "Lenovo Security Advisory: LEN-141775 vom 2023-11-08", "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "source_lang": "en-US", "title": "Lenovo BIOS: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-11-08T23:00:00.000+00:00", "generator": { "date": "2024-08-15T18:01:22.629+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2023-2865", "initial_release_date": "2023-11-08T23:00:00.000+00:00", "revision_history": [ { "date": "2023-11-08T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Lenovo BIOS", "product": { "name": "Lenovo BIOS", "product_id": "T005651", "product_identification_helper": { "cpe": "cpe:/h:lenovo:bios:-" } } } ], "category": "vendor", "name": "Lenovo" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-5078", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-5078" }, { "cve": "CVE-2023-5075", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-5075" }, { "cve": "CVE-2023-45079", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-45079" }, { "cve": "CVE-2023-45078", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-45078" }, { "cve": "CVE-2023-45077", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-45077" }, { "cve": "CVE-2023-45076", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-45076" }, { "cve": "CVE-2023-45075", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-45075" }, { "cve": "CVE-2023-43581", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-43581" }, { "cve": "CVE-2023-43580", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-43580" }, { "cve": "CVE-2023-43579", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-43579" }, { "cve": "CVE-2023-43578", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-43578" }, { "cve": "CVE-2023-43577", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-43577" }, { "cve": "CVE-2023-43576", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-43576" }, { "cve": "CVE-2023-43575", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-43575" }, { "cve": "CVE-2023-43574", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-43574" }, { "cve": "CVE-2023-43573", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-43573" }, { "cve": "CVE-2023-43572", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-43572" }, { "cve": "CVE-2023-43571", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-43571" }, { "cve": "CVE-2023-43570", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-43570" }, { "cve": "CVE-2023-43569", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-43569" }, { "cve": "CVE-2023-43568", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-43568" }, { "cve": "CVE-2023-43567", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-43567" }, { "cve": "CVE-2023-25494", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-25494" }, { "cve": "CVE-2023-25493", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-25493" }, { "cve": "CVE-2023-20597", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-20597" }, { "cve": "CVE-2023-20594", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Lenovo-BIOS. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren oder Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T005651" ] }, "release_date": "2023-11-08T23:00:00.000+00:00", "title": "CVE-2023-20594" } ] }
cve-2023-5078
Vulnerability from cvelistv5
Published
2023-11-08 22:02
Modified
2024-09-16 14:52
Severity ?
EPSS score ?
Summary
A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | ThinkPad BIOS |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:44:53.770Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "thinkpad", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-5078", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T19:14:32.923682Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T19:16:55.850Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "ThinkPad BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Krzysztof Okupski, Enrique Nissim, Joseph Tartaro of IOActive for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware." } ], "value": "A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1419", "description": "CWE-1419: Incorrect Initialization of Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T14:52:18.065Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e\n\n\u003cbr\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-5078", "datePublished": "2023-11-08T22:02:49.076Z", "dateReserved": "2023-09-19T20:53:37.522Z", "dateUpdated": "2024-09-16T14:52:18.065Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43578
Vulnerability from cvelistv5
Published
2023-11-08 22:21
Modified
2024-09-04 19:08
Severity ?
EPSS score ?
Summary
A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Desktop BIOS |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.766Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:lenovo:desktop_bios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "desktop_bios", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-43578", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T18:59:43.707280Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T19:08:31.990Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Desktop BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. " } ], "value": "A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:21:21.705Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-43578", "datePublished": "2023-11-08T22:21:21.705Z", "dateReserved": "2023-09-19T19:57:45.825Z", "dateUpdated": "2024-09-04T19:08:31.990Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20597
Vulnerability from cvelistv5
Published
2023-09-20 17:32
Modified
2024-09-26 16:04
Severity ?
EPSS score ?
Summary
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ 3000 Series Desktop Processors “Matisse” |
Version: various |
||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:05:36.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-20597", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T16:02:44.267356Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T16:04:20.231Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics \u201cCezanne\u201d ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS SP3", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 6000 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt\"", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt-R\"", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \"Barcelo\"", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-09-20T16:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" } ], "value": "\n\n\nImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-09-20T17:32:18.969Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007" } ], "source": { "advisory": "AMD-SB-4007", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2023-20597", "datePublished": "2023-09-20T17:32:18.969Z", "dateReserved": "2022-10-27T18:53:39.763Z", "dateUpdated": "2024-09-26T16:04:20.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43567
Vulnerability from cvelistv5
Published
2023-11-08 22:04
Modified
2024-09-12 13:27
Severity ?
EPSS score ?
Summary
A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Desktop BIOS |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.845Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:lenovo:desktop_bios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "desktop_bios", "vendor": "lenovo", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-43567", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T14:41:10.108997Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-12T13:27:56.896Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Desktop BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code." } ], "value": "A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:04:47.676Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-43567", "datePublished": "2023-11-08T22:04:47.676Z", "dateReserved": "2023-09-19T19:57:40.660Z", "dateUpdated": "2024-09-12T13:27:56.896Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25493
Vulnerability from cvelistv5
Published
2024-04-05 20:46
Modified
2024-09-16 14:50
Severity ?
EPSS score ?
Summary
A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bios", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-25493", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-05T22:13:08.326323Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-31T19:31:26.044Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T11:25:18.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Souhardya Sardar of Cyberstanc for reporting this issue." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code. \u003c/span\u003e" } ], "value": "A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T14:50:40.027Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-25493", "datePublished": "2024-04-05T20:46:00.491Z", "dateReserved": "2023-02-06T15:09:03.709Z", "dateUpdated": "2024-09-16T14:50:40.027Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25494
Vulnerability from cvelistv5
Published
2024-04-05 20:46
Modified
2024-08-02 11:25
Severity ?
EPSS score ?
Summary
A potential vulnerability were reported in the BIOS of some Desktop, Smart Edge, and ThinkStation products that could allow a local attacker with elevated privileges to write to NVRAM variables.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Desktop BIOS, Smart Edge BIOS, ThinkStation BIOS |
Version: various |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-25494", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-08T16:18:23.073422Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-20T16:17:26.297Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T11:25:18.856Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Desktop BIOS, Smart Edge BIOS, ThinkStation BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Souhardya Sardar of Cyberstanc for reporting this issue." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential vulnerability were reported in the BIOS of some Desktop, Smart Edge, and ThinkStation products that could allow a local attacker with elevated privileges to write to NVRAM variables. \u003c/span\u003e\n\n" } ], "value": "\nA potential vulnerability were reported in the BIOS of some Desktop, Smart Edge, and ThinkStation products that could allow a local attacker with elevated privileges to write to NVRAM variables. \n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-05T20:46:09.016Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-25494", "datePublished": "2024-04-05T20:46:09.016Z", "dateReserved": "2023-02-06T15:09:03.709Z", "dateUpdated": "2024-08-02T11:25:18.856Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43580
Vulnerability from cvelistv5
Published
2023-11-08 22:24
Modified
2024-09-04 18:54
Severity ?
EPSS score ?
Summary
A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Desktop BIOS |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.633Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:lenovo:desktop_bios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "desktop_bios", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-43580", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T18:50:39.746919Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T18:54:10.701Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Desktop BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code." } ], "value": "A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:24:39.492Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-43580", "datePublished": "2023-11-08T22:24:39.492Z", "dateReserved": "2023-09-19T19:57:45.825Z", "dateUpdated": "2024-09-04T18:54:10.701Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43569
Vulnerability from cvelistv5
Published
2023-11-08 22:06
Modified
2024-09-12 13:19
Severity ?
EPSS score ?
Summary
A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Desktop BIOS |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.779Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:lenovo:desktop_bios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "desktop_bios", "vendor": "lenovo", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-43569", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T14:40:46.947317Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-12T13:19:41.547Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Desktop BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.\u0026nbsp;" } ], "value": "A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.\u00a0" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:06:52.623Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-43569", "datePublished": "2023-11-08T22:06:52.623Z", "dateReserved": "2023-09-19T19:57:40.660Z", "dateUpdated": "2024-09-12T13:19:41.547Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45077
Vulnerability from cvelistv5
Published
2023-11-08 22:30
Modified
2024-09-04 17:54
Severity ?
EPSS score ?
Summary
A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.032Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bios", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-45077", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T17:52:03.826324Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T17:54:09.101Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Souhardya Sardar of Cyberstanc for reporting this issue." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. " } ], "value": "A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:38:59.712Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: \u003ca href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-45077", "datePublished": "2023-11-08T22:30:05.886Z", "dateReserved": "2023-10-03T17:36:49.034Z", "dateUpdated": "2024-09-04T17:54:09.101Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45078
Vulnerability from cvelistv5
Published
2023-11-08 22:30
Modified
2024-09-04 17:50
Severity ?
EPSS score ?
Summary
A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:18.388Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bios", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-45078", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T17:48:51.693243Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T17:50:14.651Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Souhardya Sardar of Cyberstanc for reporting this issue." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. " } ], "value": "A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:30:49.077Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-45078", "datePublished": "2023-11-08T22:30:49.077Z", "dateReserved": "2023-10-03T17:36:49.034Z", "dateUpdated": "2024-09-04T17:50:14.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20594
Vulnerability from cvelistv5
Published
2023-09-20 17:27
Modified
2024-09-25 15:26
Severity ?
EPSS score ?
Summary
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:05:36.973Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-20594", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T15:25:52.143486Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T15:26:01.771Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics \u201cCezanne\u201d ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics \u201cRenoir\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS SP3", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 6000 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt\"", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt-R\"", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \"Barcelo\"", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2023-09-20T16:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" } ], "value": "\nImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-09-20T17:27:59.742Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007" } ], "source": { "advisory": "AMD-SB-4007", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2023-20594", "datePublished": "2023-09-20T17:27:59.742Z", "dateReserved": "2022-10-27T18:53:39.762Z", "dateUpdated": "2024-09-25T15:26:01.771Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43577
Vulnerability from cvelistv5
Published
2023-11-08 22:38
Modified
2024-08-02 19:44
Severity ?
EPSS score ?
Summary
A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Desktop BIOS |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.751Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Desktop BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code." } ], "value": "A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:38:22.292Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-43577", "datePublished": "2023-11-08T22:38:22.292Z", "dateReserved": "2023-09-19T19:57:45.825Z", "dateUpdated": "2024-08-02T19:44:43.751Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43581
Vulnerability from cvelistv5
Published
2023-11-08 22:25
Modified
2024-09-04 18:02
Severity ?
EPSS score ?
Summary
A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Desktop BIOS |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.769Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:lenovo:desktop_bios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "desktop_bios", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-43581", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T18:01:21.384383Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T18:02:07.985Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Desktop BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code." } ], "value": "A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:25:28.020Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-43581", "datePublished": "2023-11-08T22:25:28.020Z", "dateReserved": "2023-09-19T19:57:45.825Z", "dateUpdated": "2024-09-04T18:02:07.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43574
Vulnerability from cvelistv5
Published
2023-11-08 22:35
Modified
2024-09-03 20:34
Severity ?
EPSS score ?
Summary
A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges
to disclose sensitive information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Desktop BIOS |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.824Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-43574", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-03T20:32:21.977524Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-03T20:34:05.696Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Desktop BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges\n\nto disclose sensitive information.\n\n" } ], "value": "A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges\n\nto disclose sensitive information.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:35:35.999Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-43574", "datePublished": "2023-11-08T22:35:35.999Z", "dateReserved": "2023-09-19T19:57:40.661Z", "dateUpdated": "2024-09-03T20:34:05.696Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43572
Vulnerability from cvelistv5
Published
2023-11-08 22:33
Modified
2024-09-03 20:41
Severity ?
EPSS score ?
Summary
A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Desktop BIOS |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.772Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-43572", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-03T20:32:27.522552Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-03T20:41:08.509Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Desktop BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.\n\n" } ], "value": "A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:33:42.317Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-43572", "datePublished": "2023-11-08T22:33:42.317Z", "dateReserved": "2023-09-19T19:57:40.661Z", "dateUpdated": "2024-09-03T20:41:08.509Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43568
Vulnerability from cvelistv5
Published
2023-11-08 22:05
Modified
2024-09-03 20:41
Severity ?
EPSS score ?
Summary
A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Desktop BIOS |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.641Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-43568", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-03T20:32:33.702382Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-03T20:41:29.132Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Desktop BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information." } ], "value": "A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:05:53.826Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-43568", "datePublished": "2023-11-08T22:05:53.826Z", "dateReserved": "2023-09-19T19:57:40.660Z", "dateUpdated": "2024-09-03T20:41:29.132Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5075
Vulnerability from cvelistv5
Published
2023-11-08 22:01
Modified
2024-09-03 20:09
Severity ?
EPSS score ?
Summary
A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | IdeaPad Duet 3-10IGL5 |
Version: BIOS versions prior to EQCN39WW |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:44:53.702Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:h:lenovo:ideapad_duet_3_10igl5:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ideapad_duet_3_10igl5", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "bios_versions_prior_to_eqcn39ww" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-5075", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-03T20:06:35.190708Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-03T20:09:35.465Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "IdeaPad Duet 3-10IGL5", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "BIOS versions prior to EQCN39WW" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code." } ], "value": "A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:01:34.869Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nUpdate system firmware to the version (or newer) indicated for your model in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e\n\n\u003cbr\u003e" } ], "value": "\nUpdate system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775 \n\n\n" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-5075", "datePublished": "2023-11-08T22:01:34.869Z", "dateReserved": "2023-09-19T20:38:26.386Z", "dateUpdated": "2024-09-03T20:09:35.465Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43575
Vulnerability from cvelistv5
Published
2023-11-08 22:37
Modified
2024-09-04 15:56
Severity ?
EPSS score ?
Summary
A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Desktop BIOS |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:42.822Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:lenovo:desktop_bios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "desktop_bios", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-43575", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T15:54:18.395655Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T15:56:01.147Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Desktop BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. " } ], "value": "A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:37:04.075Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-43575", "datePublished": "2023-11-08T22:37:04.075Z", "dateReserved": "2023-09-19T19:57:40.662Z", "dateUpdated": "2024-09-04T15:56:01.147Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45079
Vulnerability from cvelistv5
Published
2023-11-08 22:32
Modified
2024-09-04 17:43
Severity ?
EPSS score ?
Summary
A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.032Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bios", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-45079", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T17:42:45.727166Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T17:43:46.981Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Souhardya Sardar of Cyberstanc for reporting this issue." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. \u003cbr\u003e\u003cbr\u003e" } ], "value": "A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. \n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:32:37.592Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-45079", "datePublished": "2023-11-08T22:32:37.592Z", "dateReserved": "2023-10-03T17:36:49.034Z", "dateUpdated": "2024-09-04T17:43:46.981Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43573
Vulnerability from cvelistv5
Published
2023-11-08 22:34
Modified
2024-09-04 17:11
Severity ?
EPSS score ?
Summary
A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Desktop BIOS |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.792Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:lenovo:desktop_bios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "desktop_bios", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-43573", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T17:09:11.298367Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T17:11:17.485Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Desktop BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code." } ], "value": "A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:34:34.124Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-43573", "datePublished": "2023-11-08T22:34:34.124Z", "dateReserved": "2023-09-19T19:57:40.661Z", "dateUpdated": "2024-09-04T17:11:17.485Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43571
Vulnerability from cvelistv5
Published
2023-11-08 22:18
Modified
2024-09-04 19:13
Severity ?
EPSS score ?
Summary
A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Desktop BIOS |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.717Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:lenovo:desktop_bios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "desktop_bios", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-43571", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T19:11:57.863087Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T19:13:47.746Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Desktop BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code." } ], "value": "A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:18:31.018Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-43571", "datePublished": "2023-11-08T22:18:31.018Z", "dateReserved": "2023-09-19T19:57:40.661Z", "dateUpdated": "2024-09-04T19:13:47.746Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45076
Vulnerability from cvelistv5
Published
2023-11-08 22:28
Modified
2024-09-04 17:56
Severity ?
EPSS score ?
Summary
A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.503Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bios", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-45076", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T17:55:45.684582Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T17:56:30.453Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Souhardya Sardar of Cyberstanc for reporting this issue." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.\u003cbr\u003e" } ], "value": "A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:28:20.459Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-45076", "datePublished": "2023-11-08T22:28:20.459Z", "dateReserved": "2023-10-03T17:36:49.034Z", "dateUpdated": "2024-09-04T17:56:30.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43579
Vulnerability from cvelistv5
Published
2023-11-08 22:23
Modified
2024-09-04 18:57
Severity ?
EPSS score ?
Summary
A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Desktop BIOS |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.806Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:lenovo:desktop_bios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "desktop_bios", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-43579", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T18:56:27.707981Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T18:57:18.103Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Desktop BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. " } ], "value": "A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:23:54.660Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-43579", "datePublished": "2023-11-08T22:23:54.660Z", "dateReserved": "2023-09-19T19:57:45.825Z", "dateUpdated": "2024-09-04T18:57:18.103Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43576
Vulnerability from cvelistv5
Published
2023-11-08 22:37
Modified
2024-08-02 19:44
Severity ?
EPSS score ?
Summary
A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Desktop BIOS |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.777Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Desktop BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code." } ], "value": "A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:37:43.945Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-43576", "datePublished": "2023-11-08T22:37:43.945Z", "dateReserved": "2023-09-19T19:57:40.662Z", "dateUpdated": "2024-08-02T19:44:43.777Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43570
Vulnerability from cvelistv5
Published
2023-11-08 22:07
Modified
2024-09-12 18:58
Severity ?
EPSS score ?
Summary
A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Desktop BIOS |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.743Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-43570", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T15:44:20.492346Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-12T18:58:37.515Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Desktop BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nA potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code. \n\n" } ], "value": "\nA potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code. \n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:07:32.645Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nUpdate system firmware to the version (or newer) indicated for your model in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e\n\n\u003cbr\u003e" } ], "value": "\nUpdate system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775 \n\n\n" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-43570", "datePublished": "2023-11-08T22:07:32.645Z", "dateReserved": "2023-09-19T19:57:40.660Z", "dateUpdated": "2024-09-12T18:58:37.515Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45075
Vulnerability from cvelistv5
Published
2023-11-08 22:27
Modified
2024-09-04 17:58
Severity ?
EPSS score ?
Summary
A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bios", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-45075", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T17:57:18.522310Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T17:58:47.396Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Souhardya Sardar of Cyberstanc for reporting this issue." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables." } ], "value": "A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:27:32.659Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: \u003ca href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-45075", "datePublished": "2023-11-08T22:27:32.659Z", "dateReserved": "2023-10-03T17:36:49.034Z", "dateUpdated": "2024-09-04T17:58:47.396Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.