CVE-2023-4029 (GCVE-0-2023-4029)

Vulnerability from cvelistv5 – Published: 2023-08-17 16:48 – Updated: 2024-10-08 13:16
VLAI?
Summary
A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
Severity ?
6.7 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
Vendor Product Version
Lenovo ThinkPad Affected: various
Create a notification for this product.
Credits
Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:17:11.608Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkpad",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4029",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T13:13:15.422315Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T13:16:40.566Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ThinkPad",
          "vendor": "Lenovo",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
            }
          ],
          "value": "A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-17T16:48:24.711Z",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
            }
          ],
          "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2023-4029",
    "datePublished": "2023-08-17T16:48:24.711Z",
    "dateReserved": "2023-07-31T16:48:52.842Z",
    "dateUpdated": "2024-10-08T13:16:40.566Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:k14_type_21cu_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.12\", \"matchCriteriaId\": \"2A65A5F7-EB4D-4B56-AC90-4B803D732688\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:k14_type_21cu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E420E364-555D-4E43-9102-A3F1F8994547\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:k14_type_21cv_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.12\", \"matchCriteriaId\": \"6FE0ACE3-E020-421F-9AB4-7C50B0232BE0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:k14_type_21cv:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7FE21ABB-B0E2-4E2E-AD06-46E71DD82C4E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_s2_yoga_gen_8_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.10\", \"matchCriteriaId\": \"E04588B5-4D04-46C2-9AF8-B5DDC8F345D9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_8:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DA25359-AE51-45EA-8507-40953790E04E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_e14_gen_3_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.15\", \"matchCriteriaId\": \"C9382214-2C46-46D0-AA8E-4A3DF9B46356\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_e14_gen_3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66ABF1A9-495C-49BE-B7C1-2E7D4AAE7C59\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_e15_gen_3_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.15\", \"matchCriteriaId\": \"9A78B91F-AFCE-4A04-A424-C47E2373A060\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_e15_gen_3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"568603E1-E38F-42D0-8AE0-AE11951852E6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_l13_gen_2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.30\", \"matchCriteriaId\": \"80DDA5A0-6D71-4F85-870E-2B3D62320150\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_l13_gen_2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E560943-6A00-4423-91F3-FBBBBB978F6B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_l13_gen_3_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.19\", \"matchCriteriaId\": \"7A6606CF-CCC8-4061-A989-3519EEA48E4C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_l13_gen_3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D6D51EE-16C2-4090-8872-E69E55D5D4A7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_l13_gen_4_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.10\", \"matchCriteriaId\": \"7DBCE89B-52BE-474F-AF10-ABA25A2E7017\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_l13_gen_4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D5606FE-0787-44AD-97B8-AAB560056ED5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_l13_yoga_gen_4_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.10\", \"matchCriteriaId\": \"1400DD3A-39C1-4C9E-BAC7-FB1588F9FFB9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_l13_yoga_gen_4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D619CDB5-510B-443F-8772-CB09DD68190D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_l13_yoga_gen_2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.30\", \"matchCriteriaId\": \"25BA3447-9D13-4F7D-BA5B-8C90BE816007\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_l13_yoga_gen_2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CB43443-ED65-4CF5-8FDA-3BCC1E2BD5A2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_l13_yoga_gen_3_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.19\", \"matchCriteriaId\": \"1DA62157-F2A9-4868-B7BA-C15BD4EAFD77\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_l13_yoga_gen_3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B43B845-C95E-47DF-8AEB-7ADB650A5425\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_l14_gen_2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.28\", \"matchCriteriaId\": \"7148FAD4-4CE0-432E-AFFE-1BB586259F6E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_l14_gen_2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CE86BB2-232D-4DD9-9630-EA6517C64EB1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_l14_gen_3_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.23\", \"matchCriteriaId\": \"C9C3B900-6538-4D4D-A3E6-E216238AC569\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_l14_gen_3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E774C0D8-4712-414D-B9B9-214AAC710B63\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_l14_gen_4_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.06\", \"matchCriteriaId\": \"2ED041C6-C651-487B-B674-30FB3049579A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_l14_gen_4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"181D4876-394F-4FE0-91B8-16267F987D18\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_l15_gen_2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.28\", \"matchCriteriaId\": \"CBEBF813-4B39-4ACA-B100-058BB06BCCB6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_l15_gen_2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77DDB8D3-F2BD-42AB-B927-D38FB54EE902\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_l15_gen_3_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.23\", \"matchCriteriaId\": \"67569E35-EBF9-4EC0-A6D4-35BC80424093\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_l15_gen_3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4ACCDD8-A4F5-4805-91FC-4464A1FB46BA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_l15_gen_4_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.06\", \"matchCriteriaId\": \"A18F11AF-603F-43C6-812A-BC18244E0BBC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_l15_gen_4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0ED6441F-C705-40D0-9FDF-7471955D6610\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_p14s_gen_2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.34\", \"matchCriteriaId\": \"0F539C7D-8069-4609-AFB6-1417C78C12DB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_p14s_gen_2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE970F53-856F-4DFF-B845-A8C5A8B14C90\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_t14_gen_2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.34\", \"matchCriteriaId\": \"0A389BD6-0D8A-46C4-8735-25A374853ABC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_t14_gen_2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD6A601D-0427-453F-B4A8-4EB9C18A58C6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_t14s_gen_2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.37\", \"matchCriteriaId\": \"2DF019E0-F79F-49BA-9EB6-FA947FE26B0A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_t14s_gen_2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49AE9591-00C0-4136-9355-8BD5648E29A2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_s2_gen_6_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.30\", \"matchCriteriaId\": \"61A133FE-674D-40B3-80F6-BF24D27ECC31\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_s2_gen_6:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF3A2ACE-E9E9-4A93-9543-044096A8BAFE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_s2_gen_7_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.19\", \"matchCriteriaId\": \"E54C81E5-0CB5-4EA8-9F33-37C376BE139C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_s2_gen_7:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D03A821-532F-4951-8BD5-A3C3B3F60DD3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_s2_gen_8_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.10\", \"matchCriteriaId\": \"188634AD-EC8F-4780-A6D3-CF3E7F6DA862\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_s2_gen_8:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"826861DB-719A-40DE-B813-CE51EDEC84D2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_s2_yoga_gen_6_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.30\", \"matchCriteriaId\": \"6AC6F8FA-1FA0-49CF-BD73-052501D5A4B0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_6:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B2279C8-0F44-4CA3-9AED-F31E3C3327D8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_s2_yoga_gen_7_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.19\", \"matchCriteriaId\": \"B01C37DE-CD3B-41B1-AD51-9A50756895AC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_7:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1040935-6004-4539-992A-FCDDC84333B5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkpad_x13_gen_2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.37\", \"matchCriteriaId\": \"124BEE07-D47F-4503-871A-EB85495BD6F9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkpad_x13_gen_2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2C06223-3F58-4765-B9F4-BD56F89EA0A4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado un desbordamiento de b\\u00fafer en el controlador BoardUpdateAcpiDxe de algunos productos ThinkPad de Lenovo que puede permitir a un atacante con acceso local y privilegios elevados ejecutar c\\u00f3digo arbitrario.\"}]",
      "id": "CVE-2023-4029",
      "lastModified": "2024-11-21T08:34:15.683",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@lenovo.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.9}]}",
      "published": "2023-08-17T17:15:10.313",
      "references": "[{\"url\": \"https://support.lenovo.com/us/en/product_security/LEN-134879\", \"source\": \"psirt@lenovo.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.lenovo.com/us/en/product_security/LEN-134879\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@lenovo.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@lenovo.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-4029\",\"sourceIdentifier\":\"psirt@lenovo.com\",\"published\":\"2023-08-17T17:15:10.313\",\"lastModified\":\"2024-11-21T08:34:15.683\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado un desbordamiento de b\u00fafer en el controlador BoardUpdateAcpiDxe de algunos productos ThinkPad de Lenovo que puede permitir a un atacante con acceso local y privilegios elevados ejecutar c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@lenovo.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@lenovo.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:k14_type_21cu_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.12\",\"matchCriteriaId\":\"2A65A5F7-EB4D-4B56-AC90-4B803D732688\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:k14_type_21cu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E420E364-555D-4E43-9102-A3F1F8994547\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:k14_type_21cv_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.12\",\"matchCriteriaId\":\"6FE0ACE3-E020-421F-9AB4-7C50B0232BE0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:k14_type_21cv:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FE21ABB-B0E2-4E2E-AD06-46E71DD82C4E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_s2_yoga_gen_8_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.10\",\"matchCriteriaId\":\"E04588B5-4D04-46C2-9AF8-B5DDC8F345D9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DA25359-AE51-45EA-8507-40953790E04E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_e14_gen_3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.15\",\"matchCriteriaId\":\"C9382214-2C46-46D0-AA8E-4A3DF9B46356\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_e14_gen_3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66ABF1A9-495C-49BE-B7C1-2E7D4AAE7C59\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_e15_gen_3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.15\",\"matchCriteriaId\":\"9A78B91F-AFCE-4A04-A424-C47E2373A060\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_e15_gen_3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"568603E1-E38F-42D0-8AE0-AE11951852E6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_l13_gen_2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.30\",\"matchCriteriaId\":\"80DDA5A0-6D71-4F85-870E-2B3D62320150\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_l13_gen_2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E560943-6A00-4423-91F3-FBBBBB978F6B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_l13_gen_3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.19\",\"matchCriteriaId\":\"7A6606CF-CCC8-4061-A989-3519EEA48E4C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_l13_gen_3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D6D51EE-16C2-4090-8872-E69E55D5D4A7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_l13_gen_4_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.10\",\"matchCriteriaId\":\"7DBCE89B-52BE-474F-AF10-ABA25A2E7017\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_l13_gen_4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D5606FE-0787-44AD-97B8-AAB560056ED5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_l13_yoga_gen_4_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.10\",\"matchCriteriaId\":\"1400DD3A-39C1-4C9E-BAC7-FB1588F9FFB9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_l13_yoga_gen_4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D619CDB5-510B-443F-8772-CB09DD68190D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_l13_yoga_gen_2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.30\",\"matchCriteriaId\":\"25BA3447-9D13-4F7D-BA5B-8C90BE816007\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_l13_yoga_gen_2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CB43443-ED65-4CF5-8FDA-3BCC1E2BD5A2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_l13_yoga_gen_3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.19\",\"matchCriteriaId\":\"1DA62157-F2A9-4868-B7BA-C15BD4EAFD77\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_l13_yoga_gen_3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B43B845-C95E-47DF-8AEB-7ADB650A5425\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_l14_gen_2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.28\",\"matchCriteriaId\":\"7148FAD4-4CE0-432E-AFFE-1BB586259F6E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_l14_gen_2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CE86BB2-232D-4DD9-9630-EA6517C64EB1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_l14_gen_3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.23\",\"matchCriteriaId\":\"C9C3B900-6538-4D4D-A3E6-E216238AC569\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_l14_gen_3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E774C0D8-4712-414D-B9B9-214AAC710B63\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_l14_gen_4_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.06\",\"matchCriteriaId\":\"2ED041C6-C651-487B-B674-30FB3049579A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_l14_gen_4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"181D4876-394F-4FE0-91B8-16267F987D18\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_l15_gen_2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.28\",\"matchCriteriaId\":\"CBEBF813-4B39-4ACA-B100-058BB06BCCB6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_l15_gen_2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77DDB8D3-F2BD-42AB-B927-D38FB54EE902\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_l15_gen_3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.23\",\"matchCriteriaId\":\"67569E35-EBF9-4EC0-A6D4-35BC80424093\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_l15_gen_3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4ACCDD8-A4F5-4805-91FC-4464A1FB46BA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_l15_gen_4_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.06\",\"matchCriteriaId\":\"A18F11AF-603F-43C6-812A-BC18244E0BBC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_l15_gen_4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0ED6441F-C705-40D0-9FDF-7471955D6610\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_p14s_gen_2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.34\",\"matchCriteriaId\":\"0F539C7D-8069-4609-AFB6-1417C78C12DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_p14s_gen_2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE970F53-856F-4DFF-B845-A8C5A8B14C90\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_t14_gen_2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.34\",\"matchCriteriaId\":\"0A389BD6-0D8A-46C4-8735-25A374853ABC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_t14_gen_2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD6A601D-0427-453F-B4A8-4EB9C18A58C6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_t14s_gen_2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.37\",\"matchCriteriaId\":\"2DF019E0-F79F-49BA-9EB6-FA947FE26B0A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_t14s_gen_2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49AE9591-00C0-4136-9355-8BD5648E29A2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_s2_gen_6_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.30\",\"matchCriteriaId\":\"61A133FE-674D-40B3-80F6-BF24D27ECC31\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_s2_gen_6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF3A2ACE-E9E9-4A93-9543-044096A8BAFE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_s2_gen_7_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.19\",\"matchCriteriaId\":\"E54C81E5-0CB5-4EA8-9F33-37C376BE139C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_s2_gen_7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D03A821-532F-4951-8BD5-A3C3B3F60DD3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_s2_gen_8_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.10\",\"matchCriteriaId\":\"188634AD-EC8F-4780-A6D3-CF3E7F6DA862\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_s2_gen_8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"826861DB-719A-40DE-B813-CE51EDEC84D2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_s2_yoga_gen_6_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.30\",\"matchCriteriaId\":\"6AC6F8FA-1FA0-49CF-BD73-052501D5A4B0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B2279C8-0F44-4CA3-9AED-F31E3C3327D8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_s2_yoga_gen_7_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.19\",\"matchCriteriaId\":\"B01C37DE-CD3B-41B1-AD51-9A50756895AC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1040935-6004-4539-992A-FCDDC84333B5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkpad_x13_gen_2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.37\",\"matchCriteriaId\":\"124BEE07-D47F-4503-871A-EB85495BD6F9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkpad_x13_gen_2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2C06223-3F58-4765-B9F4-BD56F89EA0A4\"}]}]}],\"references\":[{\"url\":\"https://support.lenovo.com/us/en/product_security/LEN-134879\",\"source\":\"psirt@lenovo.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.lenovo.com/us/en/product_security/LEN-134879\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.lenovo.com/us/en/product_security/LEN-134879\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:17:11.608Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-4029\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-08T13:13:15.422315Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*\"], \"vendor\": \"lenovo\", \"product\": \"thinkpad\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-08T13:16:36.790Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Lenovo\", \"product\": \"ThinkPad\", \"versions\": [{\"status\": \"affected\", \"version\": \"various\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879.\", \"base64\": false}]}], \"references\": [{\"url\": \"https://support.lenovo.com/us/en/product_security/LEN-134879\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-120\", \"description\": \"CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"da227ddf-6e25-4b41-b023-0f976dcaca4b\", \"shortName\": \"lenovo\", \"dateUpdated\": \"2023-08-17T16:48:24.711Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-4029\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-08T13:16:40.566Z\", \"dateReserved\": \"2023-07-31T16:48:52.842Z\", \"assignerOrgId\": \"da227ddf-6e25-4b41-b023-0f976dcaca4b\", \"datePublished\": \"2023-08-17T16:48:24.711Z\", \"assignerShortName\": \"lenovo\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.