CVE-2023-5078 — Incorrect Initialization of Resource in Lenovo Thinkpad L13 GEN 3 Firmware

CWE-1419 — Incorrect Initialization of Resource CWE-665 — Improper Initialization3 documents3 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 87.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Thinkpad L13 GEN 3 Firmware Lenovo Thinkpad L13 Yoga GEN 3 Firmware Lenovo Thinkpad L14 GEN 3 Firmware +5 more

Timeline

PublishedNov 8

Latest updateNov 9

Description

A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages8 packages

▶CVEListV5lenovo/thinkpad_biosvarious

▶NVDlenovo/thinkpad_l13_gen_3_firmware< 1.19

▶NVDlenovo/thinkpad_l14_gen_3_firmware< 1.23

▶NVDlenovo/thinkpad_l14_gen_4_firmware< 1.1

▶NVDlenovo/thinkpad_l15_gen_3_firmware< 1.23

🔴Vulnerability Details

GHSA

GHSA-7hgj-2cr9-625f: A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware↗2023-11-09

▶

CVEList

CVE-2023-5078: A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware↗2023-11-08

▶