CVE-2023-4028 — Classic Buffer Overflow in Lenovo 13W Yoga Firmware

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 88.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo 13W Yoga Firmware Lenovo 13W Yoga GEN 2 Firmware Lenovo Flex 5-14alc05 Firmware +27 more

Timeline

PublishedAug 17

Description

A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages30 packages

▶CVEListV5lenovo/lenovo_notebookvarious

▶NVDlenovo/13w_yoga_firmware< jacn38ww

▶NVDlenovo/flex_7_14iru8_firmware< l6cn20ww

▶NVDlenovo/yoga_9-15imh5_firmware< epcn32ww

▶NVDlenovo/13w_yoga_gen_2_firmware< kbcn20ww

🔴Vulnerability Details

CVEList

CVE-2023-4028: A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local↗2023-08-17

▶

GHSA

GHSA-xgcf-cppw-j442: A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local↗2023-08-17

▶