← Back

CVE-2023-4028

nvd nist
Published: Aug 17, 2023Modified: Nov 21, 2024

JSON object

Loading...
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected (29)

Products: Lenovo: 13w Yoga Firmware, 13w Yoga Gen 2 Firmware, Ideapad 1 11ada05 Firmware, Ideapad 1 11igl05 Firmware, Ideapad 1 14ada05 Firmware, Ideapad 1 14igl05 Firmware, Flex 5 14alc05 Firmware, Flex 5 14are05 Firmware, Flex 5 14iil05 Firmware, Flex 5 14itl05 Firmware, Flex 5 15alc05 Firmware, Flex 5 15iil05 Firmware, Flex 5 15itl05 Firmware, Ideapad Flex 5 14abr8 Firmware, Ideapad Flex 5 14alc7 Firmware, Ideapad Flex 5 14iau7 Firmware, Ideapad Flex 5 14iru8 Firmware, Ideapad Flex 5 16abr8 Firmware, Ideapad Flex 5 16alc7 Firmware, Ideapad Flex 5 16iau7 Firmware, Ideapad Flex 5 16iru8 Firmware, Flex 7 14iru8 Firmware, Thinkbook 13s G2 Are Firmware, Thinkbook 13s G2 Itl Firmware, Thinkbook 13s G3 Acn Firmware, Thinkbook 13s G4 Iap Firmware, Thinkbook 13x G2 Iap Firmware, Thinkbook 14s G2 Itl Firmware, Yoga 9 15imh5 Firmware
Lenovo
29 products
13w Yoga Firmware
13w Yoga Gen 2 Firmware
Ideapad 1 11ada05 Firmware
Ideapad 1 11igl05 Firmware
Ideapad 1 14ada05 Firmware
Ideapad 1 14igl05 Firmware
Flex 5 14alc05 Firmware
Flex 5 14are05 Firmware
Flex 5 14iil05 Firmware
Flex 5 14itl05 Firmware
Flex 5 15alc05 Firmware
Flex 5 15iil05 Firmware
Flex 5 15itl05 Firmware
Ideapad Flex 5 14abr8 Firmware
Ideapad Flex 5 14alc7 Firmware
Ideapad Flex 5 14iau7 Firmware
Ideapad Flex 5 14iru8 Firmware
Ideapad Flex 5 16abr8 Firmware
Ideapad Flex 5 16alc7 Firmware
Ideapad Flex 5 16iau7 Firmware
Ideapad Flex 5 16iru8 Firmware
Flex 7 14iru8 Firmware
Thinkbook 13s G2 Are Firmware
Thinkbook 13s G2 Itl Firmware
Thinkbook 13s G3 Acn Firmware
Thinkbook 13s G4 Iap Firmware
Thinkbook 13x G2 Iap Firmware
Thinkbook 14s G2 Itl Firmware
Yoga 9 15imh5 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
13w Yoga Firmware
Before jacn38ww
Running on/withPlatform Versions
Lenovo
13w Yoga
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
13w Yoga Gen 2 Firmware
Before kbcn20ww
Running on/withPlatform Versions
Lenovo
13w Yoga Gen 2
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ideapad 1 11ada05 Firmware
Before fqcn29ww
Running on/withPlatform Versions
Lenovo
Ideapad 1 11ada05
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ideapad 1 11igl05 Firmware
Before dwcn28ww
Running on/withPlatform Versions
Lenovo
Ideapad 1 11igl05
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ideapad 1 14ada05 Firmware
Before fqcn29ww
Running on/withPlatform Versions
Lenovo
Ideapad 1 14ada05
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ideapad 1 14igl05 Firmware
Before dwcn28ww
Running on/withPlatform Versions
Lenovo
Ideapad 1 14igl05
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Flex 5 14alc05 Firmware
Before gjcn32ww
Running on/withPlatform Versions
Lenovo
Flex 5 14alc05
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Flex 5 14are05 Firmware
Before eecn43ww
Running on/withPlatform Versions
Lenovo
Flex 5 14are05
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Flex 5 14iil05 Firmware
Before eccn45ww
Running on/withPlatform Versions
Lenovo
Flex 5 14iil05
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Flex 5 14itl05 Firmware
Before fxcn44ww
Running on/withPlatform Versions
Lenovo
Flex 5 14itl05
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Flex 5 15alc05 Firmware
Before gjcn32ww
Running on/withPlatform Versions
Lenovo
Flex 5 15alc05
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Flex 5 15iil05 Firmware
Before eccn45ww
Running on/withPlatform Versions
Lenovo
Flex 5 15iil05
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Flex 5 15itl05 Firmware
Before fxcn44ww
Running on/withPlatform Versions
Lenovo
Flex 5 15itl05
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ideapad Flex 5 14abr8 Firmware
Before l7cn17ww
Running on/withPlatform Versions
Lenovo
Ideapad Flex 5 14abr8
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ideapad Flex 5 14alc7 Firmware
Before jccn35ww
Running on/withPlatform Versions
Lenovo
Ideapad Flex 5 14alc7
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ideapad Flex 5 14iau7 Firmware
Before j7cn44ww
Running on/withPlatform Versions
Lenovo
Ideapad Flex 5 14iau7
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ideapad Flex 5 14iru8 Firmware
Before l6cn20ww
Running on/withPlatform Versions
Lenovo
Ideapad Flex 5 14iru8
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ideapad Flex 5 16abr8 Firmware
Before l7cn17ww
Running on/withPlatform Versions
Lenovo
Ideapad Flex 5 16abr8
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ideapad Flex 5 16alc7 Firmware
Before jccn35ww
Running on/withPlatform Versions
Lenovo
Ideapad Flex 5 16alc7
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ideapad Flex 5 16iau7 Firmware
Before j7cn44ww
Running on/withPlatform Versions
Lenovo
Ideapad Flex 5 16iau7
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ideapad Flex 5 16iru8 Firmware
Before l6cn20ww
Running on/withPlatform Versions
Lenovo
Ideapad Flex 5 16iru8
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Flex 7 14iru8 Firmware
Before l6cn20ww
Running on/withPlatform Versions
Lenovo
Flex 7 14iru8
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkbook 13s G2 Are Firmware
Before fvcn28ww
Running on/withPlatform Versions
Lenovo
Thinkbook 13s G2 Are
All versions
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkbook 13s G2 Itl Firmware
Before f9cn57ww
Running on/withPlatform Versions
Lenovo
Thinkbook 13s G2 Itl
All versions
Configuration Y
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkbook 13s G3 Acn Firmware
Before gmcn35ww
Running on/withPlatform Versions
Lenovo
Thinkbook 13s G3 Acn
All versions
Configuration Z
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkbook 13s G4 Iap Firmware
Before hwcn49ww
Running on/withPlatform Versions
Lenovo
Thinkbook 13s G4 Iap
All versions
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkbook 13x G2 Iap Firmware
Before hxcn54ww
Running on/withPlatform Versions
Lenovo
Thinkbook 13x G2 Iap
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkbook 14s G2 Itl Firmware
Before f9cn57ww
Running on/withPlatform Versions
Lenovo
Thinkbook 14s G2 Itl
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Yoga 9 15imh5 Firmware
Before epcn32ww
Running on/withPlatform Versions
Lenovo
Yoga 9 15imh5
All versions

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

Source: psirt@lenovo.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.