CVE-2023-5080

Published: Jan 19, 2024Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.

Affected (6)

Products: Lenovo: Tab M8 Hd Tb8505f Firmware, Tab M8 Hd Tb8505fs Firmware, Tab M8 Hd Tb8505x Firmware, Tab M8 Hd Tb8505xs Firmware, Tab M10 Plus Gen 3 Tb125fu Firmware, Tab P11 Pro Gen 2 Tb132fu Firmware

Lenovo

6 products

Tab M8 Hd Tb8505f Firmware

Tab M8 Hd Tb8505fs Firmware

Tab M8 Hd Tb8505x Firmware

Tab M8 Hd Tb8505xs Firmware

Tab M10 Plus Gen 3 Tb125fu Firmware

Tab P11 Pro Gen 2 Tb132fu Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Tab M8 Hd Tb8505f Firmware	Before 8505f_usr_s301106_2309140042_v9.56_bmp_row

Running on/with	Platform Versions
Lenovo Tab M8 Hd Tb8505f	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Tab M8 Hd Tb8505fs Firmware	Before 8505fs_usr_s301107_2309140028_v9.56_bmp_row

Running on/with	Platform Versions
Lenovo Tab M8 Hd Tb8505fs	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Tab M8 Hd Tb8505x Firmware	Before 8505x_usr_s301129_2309141226_v9.56_bmp_row

Running on/with	Platform Versions
Lenovo Tab M8 Hd Tb8505x	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Tab M8 Hd Tb8505xs Firmware	Before 8505xs_usr_s301077_2309140036_v9.56_bmp_row

Running on/with	Platform Versions
Lenovo Tab M8 Hd Tb8505xs	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Tab M10 Plus Gen 3 Tb125fu Firmware	Before tb125fu_usr_s100116_2311171525_mp1rc_row

Running on/with	Platform Versions
Lenovo Tab M10 Plus Gen 3 Tb125fu	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Tab P11 Pro Gen 2 Tb132fu Firmware	Before tb132fu_s240219_231123_row

Running on/with	Platform Versions
Lenovo Tab P11 Pro Gen 2 Tb132fu	All versions

Related CWEs

CWE-266

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References (2)

https://support.lenovo.com/us/en/product_security/LEN-142135

Source: psirt@lenovo.com

Vendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-142135

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.