CVE-2023-4029 — Classic Buffer Overflow in Lenovo K14 Type 21cu Firmware

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 88.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo K14 Type 21cu Firmware Lenovo K14 Type 21cv Firmware Lenovo Thinkpad E14 GEN 3 Firmware +24 more

Timeline

PublishedAug 17

Description

A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages27 packages

▶NVDlenovo/thinkpad_s2_gen_6_firmware< 1.30

▶NVDlenovo/thinkpad_s2_gen_7_firmware< 1.19

▶NVDlenovo/thinkpad_s2_gen_8_firmware< 1.10

▶NVDlenovo/thinkpad_e14_gen_3_firmware< 1.15

▶NVDlenovo/thinkpad_e15_gen_3_firmware< 1.15

🔴Vulnerability Details

GHSA

GHSA-2fr9-5jx9-gcx9: A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access↗2023-08-17

▶

CVEList

CVE-2023-4029: A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access↗2023-08-17

▶