FKIE_CVE-2023-4029
Vulnerability from fkie_nvd - Published: 2023-08-17 17:15 - Updated: 2024-11-21 08:34
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:k14_type_21cu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A65A5F7-EB4D-4B56-AC90-4B803D732688",
"versionEndExcluding": "1.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:k14_type_21cu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E420E364-555D-4E43-9102-A3F1F8994547",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:k14_type_21cv_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE0ACE3-E020-421F-9AB4-7C50B0232BE0",
"versionEndExcluding": "1.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:k14_type_21cv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE21ABB-B0E2-4E2E-AD06-46E71DD82C4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_s2_yoga_gen_8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E04588B5-4D04-46C2-9AF8-B5DDC8F345D9",
"versionEndExcluding": "1.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA25359-AE51-45EA-8507-40953790E04E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_e14_gen_3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9382214-2C46-46D0-AA8E-4A3DF9B46356",
"versionEndExcluding": "1.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e14_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66ABF1A9-495C-49BE-B7C1-2E7D4AAE7C59",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_e15_gen_3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A78B91F-AFCE-4A04-A424-C47E2373A060",
"versionEndExcluding": "1.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e15_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "568603E1-E38F-42D0-8AE0-AE11951852E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_l13_gen_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80DDA5A0-6D71-4F85-870E-2B3D62320150",
"versionEndExcluding": "1.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l13_gen_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E560943-6A00-4423-91F3-FBBBBB978F6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_l13_gen_3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6606CF-CCC8-4061-A989-3519EEA48E4C",
"versionEndExcluding": "1.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l13_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D6D51EE-16C2-4090-8872-E69E55D5D4A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_l13_gen_4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DBCE89B-52BE-474F-AF10-ABA25A2E7017",
"versionEndExcluding": "1.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l13_gen_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D5606FE-0787-44AD-97B8-AAB560056ED5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_l13_yoga_gen_4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1400DD3A-39C1-4C9E-BAC7-FB1588F9FFB9",
"versionEndExcluding": "1.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l13_yoga_gen_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D619CDB5-510B-443F-8772-CB09DD68190D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_l13_yoga_gen_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25BA3447-9D13-4F7D-BA5B-8C90BE816007",
"versionEndExcluding": "1.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l13_yoga_gen_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB43443-ED65-4CF5-8FDA-3BCC1E2BD5A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_l13_yoga_gen_3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DA62157-F2A9-4868-B7BA-C15BD4EAFD77",
"versionEndExcluding": "1.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l13_yoga_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B43B845-C95E-47DF-8AEB-7ADB650A5425",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_l14_gen_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7148FAD4-4CE0-432E-AFFE-1BB586259F6E",
"versionEndExcluding": "1.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l14_gen_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CE86BB2-232D-4DD9-9630-EA6517C64EB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_l14_gen_3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C3B900-6538-4D4D-A3E6-E216238AC569",
"versionEndExcluding": "1.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l14_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E774C0D8-4712-414D-B9B9-214AAC710B63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_l14_gen_4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ED041C6-C651-487B-B674-30FB3049579A",
"versionEndExcluding": "1.06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l14_gen_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "181D4876-394F-4FE0-91B8-16267F987D18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_l15_gen_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBEBF813-4B39-4ACA-B100-058BB06BCCB6",
"versionEndExcluding": "1.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l15_gen_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77DDB8D3-F2BD-42AB-B927-D38FB54EE902",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_l15_gen_3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67569E35-EBF9-4EC0-A6D4-35BC80424093",
"versionEndExcluding": "1.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l15_gen_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4ACCDD8-A4F5-4805-91FC-4464A1FB46BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_l15_gen_4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A18F11AF-603F-43C6-812A-BC18244E0BBC",
"versionEndExcluding": "1.06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l15_gen_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED6441F-C705-40D0-9FDF-7471955D6610",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_p14s_gen_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F539C7D-8069-4609-AFB6-1417C78C12DB",
"versionEndExcluding": "1.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_p14s_gen_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE970F53-856F-4DFF-B845-A8C5A8B14C90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_t14_gen_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A389BD6-0D8A-46C4-8735-25A374853ABC",
"versionEndExcluding": "1.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_t14_gen_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD6A601D-0427-453F-B4A8-4EB9C18A58C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_t14s_gen_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF019E0-F79F-49BA-9EB6-FA947FE26B0A",
"versionEndExcluding": "1.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_t14s_gen_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49AE9591-00C0-4136-9355-8BD5648E29A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_s2_gen_6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61A133FE-674D-40B3-80F6-BF24D27ECC31",
"versionEndExcluding": "1.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s2_gen_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3A2ACE-E9E9-4A93-9543-044096A8BAFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_s2_gen_7_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E54C81E5-0CB5-4EA8-9F33-37C376BE139C",
"versionEndExcluding": "1.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s2_gen_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D03A821-532F-4951-8BD5-A3C3B3F60DD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_s2_gen_8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "188634AD-EC8F-4780-A6D3-CF3E7F6DA862",
"versionEndExcluding": "1.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s2_gen_8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "826861DB-719A-40DE-B813-CE51EDEC84D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_s2_yoga_gen_6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC6F8FA-1FA0-49CF-BD73-052501D5A4B0",
"versionEndExcluding": "1.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2279C8-0F44-4CA3-9AED-F31E3C3327D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_s2_yoga_gen_7_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B01C37DE-CD3B-41B1-AD51-9A50756895AC",
"versionEndExcluding": "1.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1040935-6004-4539-992A-FCDDC84333B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_x13_gen_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "124BEE07-D47F-4503-871A-EB85495BD6F9",
"versionEndExcluding": "1.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_x13_gen_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C06223-3F58-4765-B9F4-BD56F89EA0A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
},
{
"lang": "es",
"value": "Se ha identificado un desbordamiento de b\u00fafer en el controlador BoardUpdateAcpiDxe de algunos productos ThinkPad de Lenovo que puede permitir a un atacante con acceso local y privilegios elevados ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2023-4029",
"lastModified": "2024-11-21T08:34:15.683",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-17T17:15:10.313",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "psirt@lenovo.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…