CVE-2023-2290

CWE-787 — Out-of-bounds Write CWE-119 — Buffer Overflow CWE-7726 documents6 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 85.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Thinkpad Lenovo Thinkpad E14 Firmware Lenovo Thinkpad E14 GEN 2 Firmware +83 more

Timeline

PublishedJun 26

Latest updateDec 24

Description

A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages86 packages

▶CVEListV5lenovo/thinkpadvarious

▶NVDlenovo/thinkpad_e14_firmware1.23

▶NVDlenovo/thinkpad_e15_firmware1.23

▶NVDlenovo/thinkpad_l14_firmware5 versions+4

▶NVDlenovo/thinkpad_l15_firmware1.2, 1.3+1

🔴Vulnerability Details

OSV

wifi: rt2x00: Fix memory leak when handling surveys↗2025-12-24

▶

CVEList

CVE-2023-2290: A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arb↗2023-06-26

▶

GHSA

GHSA-29p8-776w-hr3v: A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arb↗2023-06-26

▶

📋Vendor Advisories

Red Hat

kernel: Linux kernel rt2x00 Wi-Fi driver: Denial of Service via memory leak during device removal↗2025-12-24

▶