CVE-2023-45076

CWE-125Out-of-bounds Read3 documents3 sources
Severity
6.7MEDIUM
EPSS
0.0%
top 89.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
54
Lenovo Ideacentre 3-07ada05 FirmwareLenovo Ideacentre 3-07imb05 FirmwareLenovo Ideacentre 5-14iob6 Firmware+51 more
Timeline
PublishedNov 8
Latest updateNov 9

Description

A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages54 packages

🔴Vulnerability Details

2
GHSA
GHSA-xwr9-j862-6mj9: A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM vari2023-11-09
CVEList
CVE-2023-45076: A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM vari2023-11-08
CVE-2023-45076 (MEDIUM CVSS 6.7) | A memory leakage vulnerability was | cvebase.io