Description

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.

Related CPE's

o

lenovo

ideacentre_aio_3_21itl7_firmware

Vulnerable

h

lenovo

ideacentre_aio_3_21itl7

-

o

lenovo

ideacentre_aio_3-22itl6_firmware

Vulnerable

h

lenovo

ideacentre_aio_3-22itl6

-

o

lenovo

ideacentre_aio_3-24itl6_firmware

Vulnerable

h

lenovo

ideacentre_aio_3-24itl6

-

o

lenovo

ideacentre_aio_3-27itl6_firmware

Vulnerable

h

lenovo

ideacentre_aio_3-27itl6

-

o

lenovo

thinkcentre_m720e_firmware

Vulnerable

h

lenovo

thinkcentre_m720e

-

o

lenovo

thinkcentre_m720q_firmware

Vulnerable

h

lenovo

thinkcentre_m720q

-

o

lenovo

thinkcentre_m720s_firmware

Vulnerable

h

lenovo

thinkcentre_m720s

-

o

lenovo

thinkcentre_m720t_firmware

Vulnerable

h

lenovo

thinkcentre_m720t

-

o

lenovo

thinkcentre_m725s_firmware

Vulnerable

h

lenovo

thinkcentre_m725s

-

o

lenovo

thinkcentre_m75s_gen_2_firmware

2

h

lenovo

thinkcentre_m75s_gen_2

2

o

lenovo

thinkcentre_m75t_gen_2_firmware

2

h

lenovo

thinkcentre_m75t_gen_2

2

o

lenovo

thinkcentre_m920q_firmware

Vulnerable

h

lenovo

thinkcentre_m920q

-

o

lenovo

thinkcentre_m920s_firmware

Vulnerable

h

lenovo

thinkcentre_m920s

-

o

lenovo

thinkcentre_m920t_firmware

Vulnerable

h

lenovo

thinkcentre_m920t

-

o

lenovo

thinkcentre_m920x_firmware

Vulnerable

h

lenovo

thinkcentre_m920x

-

o

lenovo

thinkcentre_m920z_firmware

Vulnerable

h

lenovo

thinkcentre_m920z

-

o

lenovo

ideacentre_510s-07icb_firmware

2

h

lenovo

ideacentre_510s-07icb

2

o

lenovo

ideacentre_510s-07ick_firmware

2

h

lenovo

ideacentre_510s-07ick

2

o

lenovo

ideacentre_720-18apr_firmware

Vulnerable

h

lenovo

ideacentre_720-18apr

-

o

lenovo

v30a-22itl_firmware

Vulnerable

h

lenovo

v30a-22itl

-

o

lenovo

v30a-24itl_firmware

Vulnerable

h

lenovo

v30a-24itl

-

o

lenovo

v530s-07icb_firmware

Vulnerable

h

lenovo

v530s-07icb

-

o

lenovo

v530s-07icr_firmware

Vulnerable

h

lenovo

v530s-07icr

-

o

lenovo

thinkstation_p330_tiny_firmware

Vulnerable

h

lenovo

thinkstation_p330_tiny

-

o

lenovo

thinkstation_p360_ultra_firmware

Vulnerable

h

lenovo

thinkstation_p360_ultra

-

o

lenovo

thinkstation_p520_firmware

Vulnerable

h

lenovo

thinkstation_p520

-

o

lenovo

thinkstation_p520c_firmware

Vulnerable

h

lenovo

thinkstation_p520c

-

References

https://support.lenovo.com/us/en/product_security/LEN-124495

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-787

[email protected]

Secondary
CWE-787

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-06-05T22:15:11.563

1 year ago

Last modified

2023-06-13T21:19:19.467

1 year ago