CVE-2023-2290: A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary…

medium6.7CVSS 3.1

AVLACLPRHUINSUCHIHAH

A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected

121 ranges· showing 25

Vendor	Product	Version range	Fixed in
lenovo	thinkpad	—	—
lenovo	thinkpad_e14_firmware	—	—
lenovo	thinkpad_e14_gen_2_firmware	—	—
lenovo	thinkpad_e14_gen_4_firmware	—	—
lenovo	thinkpad_e14_gen_4_firmware	—	—
lenovo	thinkpad_e15_firmware	—	—
lenovo	thinkpad_e15_gen_2_firmware	—	—
lenovo	thinkpad_e15_gen_4_firmware	—	—
lenovo	thinkpad_e15_gen_4_firmware	—	—
lenovo	thinkpad_e490_firmware	—	—
lenovo	thinkpad_e490s_firmware	—	—
lenovo	thinkpad_e590_firmware	—	—
lenovo	thinkpad_l13_gen_3_firmware	—	—
lenovo	thinkpad_l13_yoga_gen_3_firmware	—	—
lenovo	thinkpad_l14_firmware	—	—
lenovo	thinkpad_l14_firmware	—	—
lenovo	thinkpad_l14_firmware	—	—
lenovo	thinkpad_l14_firmware	—	—
lenovo	thinkpad_l14_firmware	—	—
lenovo	thinkpad_l15_firmware	—	—
lenovo	thinkpad_l15_firmware	—	—
lenovo	thinkpad_l15_gen_2_firmware	—	—
lenovo	thinkpad_l15_gen_2_firmware	—	—
lenovo	thinkpad_l15_gen_3_firmware	—	—
lenovo	thinkpad_l490_firmware	—	—