Description

A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

Related CPE's

o

lenovo

13w_yoga_firmware

Vulnerable

h

lenovo

13w_yoga

-

o

lenovo

13w_yoga_gen_2_firmware

Vulnerable

h

lenovo

13w_yoga_gen_2

-

o

lenovo

ideapad_1-11ada05_firmware

Vulnerable

h

lenovo

ideapad_1-11ada05

-

o

lenovo

ideapad_1-11igl05_firmware

Vulnerable

h

lenovo

ideapad_1-11igl05

-

o

lenovo

ideapad_1-14ada05_firmware

Vulnerable

h

lenovo

ideapad_1-14ada05

-

o

lenovo

ideapad_1-14igl05_firmware

Vulnerable

h

lenovo

ideapad_1-14igl05

-

o

lenovo

flex_5-14alc05_firmware

Vulnerable

h

lenovo

flex_5-14alc05

-

o

lenovo

flex_5-14are05_firmware

Vulnerable

h

lenovo

flex_5-14are05

-

o

lenovo

flex_5-14iil05_firmware

Vulnerable

h

lenovo

flex_5-14iil05

-

o

lenovo

flex_5-14itl05_firmware

Vulnerable

h

lenovo

flex_5-14itl05

-

o

lenovo

flex_5-15alc05_firmware

Vulnerable

h

lenovo

flex_5-15alc05

-

o

lenovo

flex_5-15iil05_firmware

Vulnerable

h

lenovo

flex_5-15iil05

-

o

lenovo

flex_5-15itl05_firmware

Vulnerable

h

lenovo

flex_5-15itl05

-

o

lenovo

ideapad_flex_5_14abr8_firmware

Vulnerable

h

lenovo

ideapad_flex_5_14abr8

-

o

lenovo

ideapad_flex_5_14alc7_firmware

Vulnerable

h

lenovo

ideapad_flex_5_14alc7

-

o

lenovo

ideapad_flex_5_14iau7_firmware

Vulnerable

h

lenovo

ideapad_flex_5_14iau7

-

o

lenovo

ideapad_flex_5_14iru8_firmware

Vulnerable

h

lenovo

ideapad_flex_5_14iru8

-

o

lenovo

ideapad_flex_5_16abr8_firmware

Vulnerable

h

lenovo

ideapad_flex_5_16abr8

-

o

lenovo

ideapad_flex_5_16alc7_firmware

Vulnerable

h

lenovo

ideapad_flex_5_16alc7

-

o

lenovo

ideapad_flex_5_16iau7_firmware

Vulnerable

h

lenovo

ideapad_flex_5_16iau7

-

o

lenovo

ideapad_flex_5_16iru8_firmware

Vulnerable

h

lenovo

ideapad_flex_5_16iru8

-

o

lenovo

flex_7_14iru8_firmware

Vulnerable

h

lenovo

flex_7_14iru8

-

o

lenovo

thinkbook_13s_g2_are_firmware

Vulnerable

h

lenovo

thinkbook_13s_g2_are

-

o

lenovo

thinkbook_13s_g2_itl_firmware

Vulnerable

h

lenovo

thinkbook_13s_g2_itl

-

o

lenovo

thinkbook_13s_g3_acn_firmware

Vulnerable

h

lenovo

thinkbook_13s_g3_acn

-

o

lenovo

thinkbook_13s_g4_iap_firmware

Vulnerable

h

lenovo

thinkbook_13s_g4_iap

-

o

lenovo

thinkbook_13x_g2_iap_firmware

Vulnerable

h

lenovo

thinkbook_13x_g2_iap

-

o

lenovo

thinkbook_14s_g2_itl_firmware

Vulnerable

h

lenovo

thinkbook_14s_g2_itl

-

o

lenovo

yoga_9-15imh5_firmware

Vulnerable

h

lenovo

yoga_9-15imh5

-

References

https://support.lenovo.com/us/en/product_security/LEN-134879

Vendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-134879

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-120

[email protected]

Primary
CWE-120

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-08-17T15:15:10.217Z

2 years ago

Last modified

2024-11-21T07:34:15.500Z

1 year ago