CVE-2023-43568 — Buffer Over-read in Lenovo Ideacentre 3-07ada05 Firmware

CWE-126 — Buffer Over-read3 documents3 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 79.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Ideacentre 3-07ada05 Firmware Lenovo Ideacentre 3-07imb05 Firmware Lenovo Ideacentre 5-14imb05 Firmware +78 more

Timeline

PublishedNov 8

Latest updateNov 9

Description

A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages81 packages

▶CVEListV5lenovo/desktop_biosvarious

▶NVDlenovo/loq_17irb8_firmware< m4ukt36a

▶NVDlenovo/v30a-22iml_firmware< m37kt31a

▶NVDlenovo/v30a-22itl_firmware< o5akt34a

▶NVDlenovo/v30a-24iml_firmware< m37kt31a

🔴Vulnerability Details

GHSA

GHSA-6mhg-89x7-jmrg: A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated priv↗2023-11-09

▶

CVEList

CVE-2023-43568: A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated priv↗2023-11-08

▶