CVE-2023-45075
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD
Description
A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
Affected (62)
Products: Lenovo: Ideacentre C5 14imb05 Firmware, Ideacentre 3 07ada05 Firmware, Ideacentre 3 07imb05 Firmware, Ideacentre 5 14iob6 Firmware, Ideacentre Creator 5 14iob6 Firmware, Ideacentre G5 14amr05 Firmware, Ideacentre G5 14imb05 Firmware, Ideacentre Gaming 5 14iob6 Firmware, Ideacentre Mini 5 01iaq7 Firmware, Ideacentre Mini 5 01imh05 Firmware, Legion T7 34imz5 Firmware, Thinkcentre M625q Firmware, Thinkcentre M630e Firmware, Thinkcentre M70a Firmware, Thinkcentre M920z All In One Firmware, Thinkcentre M920x Firmware, Thinkcentre M920t Firmware, Thinkcentre M920s Firmware, Thinkcentre M920q Firmware, Thinkcentre M90t Firmware, Thinkcentre M90s Firmware, Thinkcentre M90q Tiny Firmware, Thinkcentre M90a Firmware, Thinkcentre M820z All In One Firmware, Thinkcentre M80t Firmware, Thinkcentre M80s Firmware, Thinkcentre M80q Firmware, Thinkcentre M75t Gen 2 Firmware, Thinkcentre M75s Gen 2 Firmware, Thinkcentre M75q Gen 2 Firmware, Thinkcentre M75n Firmware, Thinkcentre M720t Firmware, Thinkcentre M720s Firmware, Thinkcentre M720q Firmware, Thinkcentre M70t Firmware, Thinkcentre M70s Firmware, Thinkcentre M70q Firmware, V50t 13iob G2 Firmware, V55t Gen 2 13acn Firmware, V50t 13imh Firmware, V50t 13imb Firmware, V50s 07imb Firmware, V50a 24imb Firmware, V50a 22imb Firmware, V30a 24iml Firmware, V30a 22iml Firmware, Thinkcentre M70c Firmware, Thinkedge Se30 Firmware, Thinkstation P920 Workstation Firmware, Thinkstation P720 Workstation Firmware, Thinkstation P520c Workstation Firmware, Thinkstation P520 Workstation Firmware, Thinkstation P360 Workstation Firmware, Thinkstation P350 Workstation Firmware, Thinkstation P348 Workstation Firmware, Thinkstation P340 Workstation Firmware, Thinkstation P340 Tiny Workstation Firmware, Thinkstation P330 Workstation 2nd Gen Firmware, Thinkstation P330 Workstation Firmware, Thinkstation P330 Tiny Workstation Firmware, Thinkstation P320 Workstation Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before o4hkt3ca |
| Running on/with | Platform Versions |
|---|---|
Lenovo Ideacentre C5 14imb05 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before o4fkt39a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Ideacentre 3 07ada05 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before m2vkt21a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Ideacentre 3 07imb05 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before m3gkt3da |
| Running on/with | Platform Versions |
|---|---|
Lenovo Ideacentre 5 14iob6 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before m3gkt3da |
| Running on/with | Platform Versions |
|---|---|
Lenovo Ideacentre Creator 5 14iob6 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before o4zkt2ba |
| Running on/with | Platform Versions |
|---|---|
Lenovo Ideacentre G5 14amr05 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before o4hkt3ca |
| Running on/with | Platform Versions |
|---|---|
Lenovo Ideacentre G5 14imb05 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before m3gkt3da |
| Running on/with | Platform Versions |
|---|---|
Lenovo Ideacentre Gaming 5 14iob6 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before o53kt10a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Ideacentre Mini 5 01iaq7 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before o4ekt1ba |
| Running on/with | Platform Versions |
|---|---|
Lenovo Ideacentre Mini 5 01imh05 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before o5fkt17a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Legion T7 34imz5 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before m1wkt52a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M625q | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M630e | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before m2skt29a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M70a | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before m1mkt56a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M920z All In One | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before m1ukt72a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M920x | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Before m1ukt72a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M920t | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before m1ukt72a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M920s | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Before m1ukt72a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M920q | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Before m2tkt55a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M90t | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Before m2tkt55a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M90s | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Before m2wkt5aa |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M90q Tiny | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Before m2rkt57a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M90a | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Before m1nkt62a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M820z All In One | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| Before m2tkt55a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M80t | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before m2tkt55a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M80s | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before m2wkt5aa |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M80q | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M75t Gen 2 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M75s Gen 2 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before m47kt30a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M75q Gen 2 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before m33kt27a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M75n | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before m1ukt72a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M720t | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before m1ukt72a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M720s | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before m1ukt72a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M720q | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before m2tkt55a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M70t | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before m2tkt55a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M70s | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before m2wkt5aa |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M70q | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before m3gkt3da |
| Running on/with | Platform Versions |
|---|---|
Lenovo V50t 13iob G2 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before o5jkt23a |
| Running on/with | Platform Versions |
|---|---|
Lenovo V55t Gen 2 13acn | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before m4pkt13a |
| Running on/with | Platform Versions |
|---|---|
Lenovo V50t 13imh | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before o4hkt3ca |
| Running on/with | Platform Versions |
|---|---|
Lenovo V50t 13imb | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Before m2vkt21a |
| Running on/with | Platform Versions |
|---|---|
Lenovo V50s 07imb | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before m36kt32a |
| Running on/with | Platform Versions |
|---|---|
Lenovo V50a 24imb | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Before m36kt32a |
| Running on/with | Platform Versions |
|---|---|
Lenovo V50a 22imb | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Before m37kt31a |
| Running on/with | Platform Versions |
|---|---|
Lenovo V30a 24iml | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Before m37kt31a |
| Running on/with | Platform Versions |
|---|---|
Lenovo V30a 22iml | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Before m2vkt21a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M70c | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Before m3fkt2da |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkedge Se30 | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkstation P920 Workstation | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkstation P720 Workstation | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkstation P520c Workstation | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkstation P520 Workstation | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before s0ekt45a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkstation P360 Workstation | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkstation P350 Workstation | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before m3kkt3ba |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkstation P348 Workstation | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before s08kt55a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkstation P340 Workstation | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before m2wkt5aa |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkstation P340 Tiny Workstation | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before m1vkt72a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkstation P330 Workstation 2nd Gen | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before m1vkt72a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkstation P330 Workstation | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before m1ukt72a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkstation P330 Tiny Workstation | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before s06kt64a |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkstation P320 Workstation | All versions |
References (2)
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.