CVE-2023-2290 | Severity.io

Description

A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.

Related CPE's

thinkpad_e14_firmware

Vulnerable

thinkpad_e14_gen_2_firmware

Vulnerable

thinkpad_e14_gen_2

o

lenovo

thinkpad_e14_gen_4_firmware

2

h

lenovo

thinkpad_e14_gen_4

2

thinkpad_e15_firmware

Vulnerable

thinkpad_e15_gen_2_firmware

Vulnerable

thinkpad_e15_gen_2

o

lenovo

thinkpad_e15_gen_4_firmware

2

h

lenovo

thinkpad_e15_gen_4

2

thinkpad_e490_firmware

Vulnerable

thinkpad_e490s_firmware

Vulnerable

thinkpad_e590_firmware

Vulnerable

thinkpad_l13_gen_3_firmware

Vulnerable

thinkpad_l13_gen_3

thinkpad_l13_yoga_gen_3_firmware

Vulnerable

thinkpad_l13_yoga_gen_3

o

lenovo

thinkpad_l14_firmware

5

h

lenovo

thinkpad_l14

4

o

lenovo

thinkpad_l15_firmware

2

h

lenovo

thinkpad_l15

2

o

lenovo

thinkpad_l15_gen_2_firmware

2

thinkpad_l15_gen_2

thinkpad_l15_gen_3_firmware

Vulnerable

thinkpad_l15_gen_3

thinkpad_l490_firmware

Vulnerable

thinkpad_l590_firmware

Vulnerable

thinkpad_p1_gen_2_firmware

Vulnerable

thinkpad_p1_gen_2

thinkpad_p1_gen_3_firmware

Vulnerable

thinkpad_p1_gen_3

thinkpad_p1_gen_4_firmware

Vulnerable

thinkpad_p1_gen_4

thinkpad_p1_gen_5_firmware

Vulnerable

thinkpad_p1_gen_5

thinkpad_p14s_gen_1_firmware

Vulnerable

thinkpad_p14s_gen_1

o

lenovo

thinkpad_p14s_gen_2_firmware

3

h

lenovo

thinkpad_p14s_gen_2

2

o

lenovo

thinkpad_p14s_gen_3_firmware

2

thinkpad_p14s_gen_3

thinkpad_p15_gen_1_firmware

Vulnerable

thinkpad_p15_gen_1

thinkpad_p15_gen_2_firmware

Vulnerable

thinkpad_p15_gen_2

thinkpad_p15s_gen_1_firmware

Vulnerable

thinkpad_p15s_gen_1

o

lenovo

thinkpad_p15s_gen_2_firmware

2

thinkpad_p15s_gen_2

thinkpad_p15v_gen_1_firmware

Vulnerable

thinkpad_p15v_gen_1

thinkpad_p15v_gen_2_firmware

Vulnerable

thinkpad_p15v_gen_2

thinkpad_p15v_gen_3_firmware

Vulnerable

thinkpad_p15v_gen_3

thinkpad_p16_gen_1_firmware

Vulnerable

thinkpad_p16_gen_1

o

lenovo

thinkpad_p16s_gen_1_firmware

2

thinkpad_p16s_gen_1

thinkpad_p17_gen_1_firmware

Vulnerable

thinkpad_p17_gen_1

thinkpad_p17_gen_2_firmware

Vulnerable

thinkpad_p17_gen_2

o

lenovo

thinkpad_p43s_firmware

2

thinkpad_p53_firmware

Vulnerable

o

lenovo

thinkpad_p53s_firmware

2

thinkpad_p73_firmware

Vulnerable

o

lenovo

thinkpad_t14_gen_1_firmware

2

h

lenovo

thinkpad_t14_gen_1

2

o

lenovo

thinkpad_t14_gen_2_firmware

3

h

lenovo

thinkpad_t14_gen_2

2

o

lenovo

thinkpad_t14_gen_3_firmware

2

thinkpad_t14_gen_3

thinkpad_t14s_firmware

Vulnerable

o

lenovo

thinkpad_t14s_gen_2_firmware

2

h

lenovo

thinkpad_t14s_gen_2

2

thinkpad_t14s_gen_3_firmware

Vulnerable

thinkpad_t14s_gen_3

thinkpad_t15_firmware

Vulnerable

o

lenovo

thinkpad_t15_gen_2_firmware

2

thinkpad_t15_gen_2

thinkpad_t15g_gen_1_firmware

Vulnerable

thinkpad_t15g_gen_1

thinkpad_t15g_gen_2_firmware

Vulnerable

thinkpad_t15g_gen_2

thinkpad_t15p_gen_1_firmware

Vulnerable

thinkpad_t15p_gen_1

thinkpad_t15p_gen_2_firmware

Vulnerable

thinkpad_t15p_gen_2

thinkpad_t15p_gen_3_firmware

Vulnerable

thinkpad_t15p_gen_3

o

lenovo

thinkpad_t16_gen_1_firmware

2

thinkpad_t16_gen_1

o

lenovo

thinkpad_t490_firmware

6

h

lenovo

thinkpad_t490

3

o

lenovo

thinkpad_t490s_firmware

2

o

lenovo

thinkpad_t590_firmware

2

thinkpad_thinkpad_r14_gen_2_firmware

Vulnerable

thinkpad_thinkpad_r14_gen_2

thinkpad_thinkpad_r14_gen_4_firmware

Vulnerable

thinkpad_thinkpad_r14_gen_4

thinkpad_thinkpad_s3_2nd_gen_firmware

Vulnerable

thinkpad_thinkpad_s3_2nd_gen

thinkpad_x1_carbon_10th_gen_firmware

Vulnerable

thinkpad_x1_carbon_10th_gen

o

lenovo

thinkpad_x1_carbon_7th_gen_firmware

4

h

lenovo

thinkpad_x1_carbon_7th_gen

2

o

lenovo

thinkpad_x1_carbon_8th_gen_firmware

2

thinkpad_x1_carbon_8th_gen

thinkpad_x1_carbon_9th_gen_firmware

Vulnerable

thinkpad_x1_carbon_9th_gen

thinkpad_x1_extreme_2nd_gen_firmware

Vulnerable

thinkpad_x1_extreme_2nd_gen

thinkpad_x1_extreme_3rd_gen_firmware

Vulnerable

thinkpad_x1_extreme_3rd_gen

thinkpad_x1_extreme_4th_gen_firmware

Vulnerable

thinkpad_x1_extreme_4th_gen

thinkpad_x1_extreme_gen_5_firmware

Vulnerable

thinkpad_x1_extreme_gen_5

thinkpad_x1_nano_gen_1_firmware

Vulnerable

thinkpad_x1_nano_gen_1

thinkpad_x1_nano_gen_2_firmware

Vulnerable

thinkpad_x1_nano_gen_2

thinkpad_x1_titanium_firmware

Vulnerable

thinkpad_x1_titanium

o

lenovo

thinkpad_x1_yoga_4th_gen_firmware

4

h

lenovo

thinkpad_x1_yoga_4th_gen

2

o

lenovo

thinkpad_x1_yoga_5th_gen_firmware

2

thinkpad_x1_yoga_5th_gen

thinkpad_x1_yoga_6th_gen_firmware

Vulnerable

thinkpad_x1_yoga_6th_gen

thinkpad_x1_yoga_7th_gen_firmware

Vulnerable

thinkpad_x1_yoga_7th_gen

thinkpad_x12_detachable_gen_1_firmware

Vulnerable

thinkpad_x12_detachable_gen_1

thinkpad_x13_firmware

Vulnerable

o

lenovo

thinkpad_x13_gen_2_firmware

2

h

lenovo

thinkpad_x13_gen_2

2

thinkpad_x13_gen_3_firmware

Vulnerable

thinkpad_x13_gen_3

thinkpad_x13_yoga_gen_1_firmware

Vulnerable

thinkpad_x13_yoga_gen_1

thinkpad_x13_yoga_gen_2_firmware

Vulnerable

thinkpad_x13_yoga_gen_2

thinkpad_x13_yoga_gen_3_firmware

Vulnerable

thinkpad_x13_yoga_gen_3

o

lenovo

thinkpad_x390_firmware

3

h

lenovo

thinkpad_x390

2

thinkpad_x390_yoga_firmware

Vulnerable

thinkpad_x390_yoga

thinkpad_z13_gen_1_firmware

Vulnerable

thinkpad_z13_gen_1

thinkpad_z16_gen_1_firmware

Vulnerable

thinkpad_z16_gen_1

References

https://support.lenovo.com/us/en/product_security/LEN-106014

Vendor Advisory

Weaknesses

[email protected]

Primary

NVD-CWE-noinfo

[email protected]

Secondary

CWE-119

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 · Medium

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-06-26T20:15:09.867

1 year ago

Last modified

2023-07-05T17:22:10.923

1 year ago