Description

A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Related CPE's

o

lenovo

100e_2nd_gen_firmware

Vulnerable

h

lenovo

100e_2nd_gen

-

o

lenovo

100w_gen_3_firmware

Vulnerable

h

lenovo

100w_gen_3

-

o

lenovo

13w_yoga_firmware

Vulnerable

h

lenovo

13w_yoga

-

o

lenovo

14w_gen_2_firmware

Vulnerable

h

lenovo

14w_gen_2

-

o

lenovo

300e_2nd_gen_firmware

Vulnerable

h

lenovo

300e_2nd_gen

-

o

lenovo

300w_gen_3_firmware

Vulnerable

h

lenovo

300w_gen_3

-

o

lenovo

500w_gen_3_firmware

Vulnerable

h

lenovo

500w_gen_3

-

o

lenovo

730s-13iml_firmware

Vulnerable

h

lenovo

730s-13iml

-

o

lenovo

flex_3-11ada05_firmware

Vulnerable

h

lenovo

flex_3-11ada05

-

o

lenovo

flex_5-14alc05_firmware

Vulnerable

h

lenovo

flex_5-14alc05

-

o

lenovo

flex_5-14are05_firmware

Vulnerable

h

lenovo

flex_5-14are05

-

o

lenovo

flex_5-14iil05_firmware

Vulnerable

h

lenovo

flex_5-14iil05

-

o

lenovo

flex_5-14itl05_firmware

Vulnerable

h

lenovo

flex_5-14itl05

-

o

lenovo

flex_5-15alc05_firmware

Vulnerable

h

lenovo

flex_5-15alc05

-

o

lenovo

flex_5-15iil05_firmware

Vulnerable

h

lenovo

flex_5-15iil05

-

o

lenovo

flex_5-15itl05_firmware

Vulnerable

h

lenovo

flex_5-15itl05

-

o

lenovo

ideapad_1-11ada05_firmware

Vulnerable

h

lenovo

ideapad_1-11ada05

-

o

lenovo

ideapad_1-11igl05_firmware

Vulnerable

h

lenovo

ideapad_1-11igl05

-

o

lenovo

ideapad_1-14ada05_firmware

Vulnerable

h

lenovo

ideapad_1-14ada05

-

o

lenovo

ideapad_1-14igl05_firmware

Vulnerable

h

lenovo

ideapad_1-14igl05

-

o

lenovo

ideapad_3-15ada05_firmware

Vulnerable

h

lenovo

ideapad_3-15ada05

-

o

lenovo

ideapad_3-14ada05_firmware

Vulnerable

h

lenovo

ideapad_3-14ada05

-

o

lenovo

ideapad_3-14ada6_firmware

Vulnerable

h

lenovo

ideapad_3-14ada6

-

o

lenovo

ideapad_3-14alc6_firmware

Vulnerable

h

lenovo

ideapad_3-14alc6

-

o

lenovo

ideapad_3-15ada6_firmware

Vulnerable

h

lenovo

ideapad_3-15ada6

-

o

lenovo

ideapad_3-15alc6_firmware

Vulnerable

h

lenovo

ideapad_3-15alc6

-

o

lenovo

ideapad_3-17alc6_firmware

Vulnerable

h

lenovo

ideapad_3-17alc6

-

o

lenovo

ideapad_3-17ada05_firmware

Vulnerable

h

lenovo

ideapad_3-17ada05

-

o

lenovo

ideapad_3-17ada6_firmware

Vulnerable

h

lenovo

ideapad_3-17ada6

-

o

lenovo

ideapad_5_15aba7_firmware

Vulnerable

h

lenovo

ideapad_5_15aba7

-

o

lenovo

ideapad_flex_5_14alc7_firmware

Vulnerable

h

lenovo

ideapad_flex_5_14alc7

-

o

lenovo

ideapad_flex_5_16alc7_firmware

Vulnerable

h

lenovo

ideapad_flex_5_16alc7

-

o

lenovo

legion_s7-15imh5_firmware

Vulnerable

h

lenovo

legion_s7-15imh5

-

o

lenovo

legion_s7-15ach6_firmware

Vulnerable

h

lenovo

legion_s7-15ach6

-

o

lenovo

legion_s7-15arh5_firmware

Vulnerable

h

lenovo

legion_s7-15arh5

-

o

lenovo

s145-14api_firmware

Vulnerable

h

lenovo

s145-14api

-

o

lenovo

s145-14ast_firmware

Vulnerable

h

lenovo

s145-14ast

-

o

lenovo

s145-15api_firmware

Vulnerable

h

lenovo

s145-15api

-

o

lenovo

s145-15ast_firmware

Vulnerable

h

lenovo

s145-15ast

-

o

lenovo

s540-13api_firmware

Vulnerable

h

lenovo

s540-13api

-

o

lenovo

ideapad_s940-14iil_firmware

Vulnerable

h

lenovo

ideapad_s940-14iil

-

o

lenovo

yoga_s940-14iil_firmware

2

h

lenovo

yoga_s940-14iil

2

o

lenovo

ideapad_slim_1-14ast-05_firmware

Vulnerable

h

lenovo

ideapad_slim_1-14ast-05

-

o

lenovo

ideapad_slim_1-11ast-05_firmware

Vulnerable

h

lenovo

ideapad_slim_1-11ast-05

-

o

lenovo

thinkbook_13s_g3_acn_firmware

Vulnerable

h

lenovo

thinkbook_13s_g3_acn

-

o

lenovo

thinkbook_13s_g2_are_firmware

Vulnerable

h

lenovo

thinkbook_13s_g2_are

-

o

lenovo

thinkbook_13s_g2_itl_firmware

Vulnerable

h

lenovo

thinkbook_13s_g2_itl

-

o

lenovo

thinkbook_13s-iml_firmware

Vulnerable

h

lenovo

thinkbook_13s-iml

-

o

lenovo

thinkbook_14-iil_firmware

Vulnerable

h

lenovo

thinkbook_14-iil

-

o

lenovo

thinkbook_14-iml_firmware

Vulnerable

h

lenovo

thinkbook_14-iml

-

o

lenovo

thinkbook_14p_g2_ach_firmware

Vulnerable

h

lenovo

thinkbook_14p_g2_ach

-

o

lenovo

thinkbook_14s_g2_itl_firmware

Vulnerable

h

lenovo

thinkbook_14s_g2_itl

-

o

lenovo

thinkbook_14s-iml_firmware

Vulnerable

h

lenovo

thinkbook_14s-iml

-

o

lenovo

thinkbook_15-iil_firmware

Vulnerable

h

lenovo

thinkbook_15-iil

-

o

lenovo

thinkbook_15-iml_firmware

Vulnerable

h

lenovo

thinkbook_15-iml

-

o

lenovo

thinkbook_16p_g2_ach_firmware

Vulnerable

h

lenovo

thinkbook_16p_g2_ach

-

o

lenovo

v130-15ikb_firmware

Vulnerable

h

lenovo

v130-15ikb

-

o

lenovo

v14_g2-alc_firmware

Vulnerable

h

lenovo

v14_g2-alc

-

o

lenovo

v14-ada_firmware

Vulnerable

h

lenovo

v14-ada

-

o

lenovo

v15_g2-alc_firmware

Vulnerable

h

lenovo

v15_g2-alc

-

o

lenovo

v15-ada_firmware

Vulnerable

h

lenovo

v15-ada

-

o

lenovo

yoga_9-15imh5_firmware

Vulnerable

h

lenovo

yoga_9-15imh5

-

o

lenovo

yoga_c640-13iml_firmware

Vulnerable

h

lenovo

yoga_c640-13iml

-

o

lenovo

yoga_c640-13iml_lte_firmware

Vulnerable

h

lenovo

yoga_c640-13iml_lte

-

o

lenovo

yoga_c940-15irh_firmware

Vulnerable

h

lenovo

yoga_c940-15irh

-

o

lenovo

yoga_s730-13iml_firmware

Vulnerable

h

lenovo

yoga_s730-13iml

-

o

lenovo

yoga_slim_7_pro-14ach5_firmware

Vulnerable

h

lenovo

yoga_slim_7_pro-14ach5

-

o

lenovo

yoga_slim_7_pro-14ach5_o_firmware

Vulnerable

h

lenovo

yoga_slim_7_pro-14ach5_o

-

o

lenovo

yoga_slim_7_pro-14arh5_firmware

Vulnerable

h

lenovo

yoga_slim_7_pro-14arh5

-

o

lenovo

ideapad_5-15alc05_firmware

Vulnerable

h

lenovo

ideapad_5-15alc05

-

References

https://support.lenovo.com/us/en/product_security/LEN-91369

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-120

[email protected]

Secondary
CWE-122

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-01-26T21:15:25.467

2 years ago

Last modified

2023-02-03T18:17:50.007

2 years ago