Lenovo Desktop Bios vulnerabilities

CVE-2023-43574 [MEDIUM] CWE-126 CVE-2023-43574: A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.

CVE-2023-43572 [MEDIUM] CWE-126 CVE-2023-43572: A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products th A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.

CVE-2023-43581 [MEDIUM] CWE-120 CVE-2023-43581: A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may all A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVE-2023-43571 [MEDIUM] CWE-120 CVE-2023-43571: A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products tha A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVE-2023-43578 [MEDIUM] CWE-120 CVE-2023-43578: A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVE-2023-43577 [MEDIUM] CWE-120 CVE-2023-43577: A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVE-2023-43567 [MEDIUM] CWE-120 CVE-2023-43567: A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products t A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVE-2023-43568 [MEDIUM] CWE-126 CVE-2023-43568: A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.

CVE-2023-43575 [MEDIUM] CWE-120 CVE-2023-43575: A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVE-2023-43569 [MEDIUM] CWE-120 CVE-2023-43569: A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVE-2023-43570 [MEDIUM] CWE-20 CVE-2023-43570: A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may a A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code.

CVE-2023-43573 [MEDIUM] CWE-120 CVE-2023-43573: A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVE-2023-43579 [MEDIUM] CWE-120 CVE-2023-43579: A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allo A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVE-2023-43580 [MEDIUM] CWE-120 CVE-2023-43580: A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may a A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVE-2023-43576 [MEDIUM] CWE-120 CVE-2023-43576: A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVE-2021-3519 [MEDIUM] CWE-287 CVE-2021-3519: A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to t A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.