CVE-2024-23594Stack-based Buffer Overflow in Lenovo Windows 7 AND 8 PC Preloads

CWE-121Stack-based Buffer Overflow6 documents5 sources
Severity
6.4MEDIUMNVD
EPSS
0.0%
top 89.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
19
Lenovo Windows 7 AND 8 PC PreloadsMsrc Windows 10 Version 1809 FOR 32-bit SystemsMsrc Windows 10 Version 1809 FOR Arm64-based Systems+16 more
Timeline
PublishedApr 15

Description

A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages19 packages

🔴Vulnerability Details

1
GHSA
GHSA-jr46-x6w8-43gx: A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems2024-04-15

📋Vendor Advisories

1
Microsoft
Lenovo: CVE-2024-23594 Stack buffer overflow in Lenovo system recovery boot manager2024-04-09

🕵️Threat Intelligence

3
Trendmicro
The April 2024 Security Updates Review2024-04-09
Bleepingcomputer
Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs2024-04-09
Trendmicro
The April 2024 Security Updates Review2024-04-09