CVE-2023-4632

CWE-427 CWE-3666 documents6 sources

Severity

7.8HIGH

EPSS

0.1%

top 78.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo System Update Lenovo Lenovo System Update

Timeline

PublishedNov 8

Latest updateDec 24

Description

An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDlenovo/system_update< 5.08.02.25

▶CVEListV5lenovo/lenovo_system_updateVersions prior to 5.08.02.25

Patches

Patch: support.lenovo.com ↗Patch: support.lenovo.com ↗

🔴Vulnerability Details

OSV

btrfs: fix race between balance and cancel/pause↗2025-12-24

▶

GHSA

GHSA-xqfg-p7f2-6w5f: An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with ele↗2023-11-09

▶

CVEList

CVE-2023-4632: An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with ele↗2023-11-08

▶

📋Vendor Advisories

Red Hat

kernel: btrfs: fix race between balance and cancel/pause↗2025-12-24

▶