Description

A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

Related CPE's

o

lenovo

k14_type_21cu_firmware

Vulnerable

h

lenovo

k14_type_21cu

-

o

lenovo

k14_type_21cv_firmware

Vulnerable

h

lenovo

k14_type_21cv

-

o

lenovo

thinkpad_s2_yoga_gen_8_firmware

Vulnerable

h

lenovo

thinkpad_s2_yoga_gen_8

-

o

lenovo

thinkpad_e14_gen_3_firmware

Vulnerable

h

lenovo

thinkpad_e14_gen_3

-

o

lenovo

thinkpad_e15_gen_3_firmware

Vulnerable

h

lenovo

thinkpad_e15_gen_3

-

o

lenovo

thinkpad_l13_gen_2_firmware

Vulnerable

h

lenovo

thinkpad_l13_gen_2

-

o

lenovo

thinkpad_l13_gen_3_firmware

Vulnerable

h

lenovo

thinkpad_l13_gen_3

-

o

lenovo

thinkpad_l13_gen_4_firmware

Vulnerable

h

lenovo

thinkpad_l13_gen_4

-

o

lenovo

thinkpad_l13_yoga_gen_4_firmware

Vulnerable

h

lenovo

thinkpad_l13_yoga_gen_4

-

o

lenovo

thinkpad_l13_yoga_gen_2_firmware

Vulnerable

h

lenovo

thinkpad_l13_yoga_gen_2

-

o

lenovo

thinkpad_l13_yoga_gen_3_firmware

Vulnerable

h

lenovo

thinkpad_l13_yoga_gen_3

-

o

lenovo

thinkpad_l14_gen_2_firmware

Vulnerable

h

lenovo

thinkpad_l14_gen_2

-

o

lenovo

thinkpad_l14_gen_3_firmware

Vulnerable

h

lenovo

thinkpad_l14_gen_3

-

o

lenovo

thinkpad_l14_gen_4_firmware

Vulnerable

h

lenovo

thinkpad_l14_gen_4

-

o

lenovo

thinkpad_l15_gen_2_firmware

Vulnerable

h

lenovo

thinkpad_l15_gen_2

-

o

lenovo

thinkpad_l15_gen_3_firmware

Vulnerable

h

lenovo

thinkpad_l15_gen_3

-

o

lenovo

thinkpad_l15_gen_4_firmware

Vulnerable

h

lenovo

thinkpad_l15_gen_4

-

o

lenovo

thinkpad_p14s_gen_2_firmware

Vulnerable

h

lenovo

thinkpad_p14s_gen_2

-

o

lenovo

thinkpad_t14_gen_2_firmware

Vulnerable

h

lenovo

thinkpad_t14_gen_2

-

o

lenovo

thinkpad_t14s_gen_2_firmware

Vulnerable

h

lenovo

thinkpad_t14s_gen_2

-

o

lenovo

thinkpad_s2_gen_6_firmware

Vulnerable

h

lenovo

thinkpad_s2_gen_6

-

o

lenovo

thinkpad_s2_gen_7_firmware

Vulnerable

h

lenovo

thinkpad_s2_gen_7

-

o

lenovo

thinkpad_s2_gen_8_firmware

Vulnerable

h

lenovo

thinkpad_s2_gen_8

-

o

lenovo

thinkpad_s2_yoga_gen_6_firmware

Vulnerable

h

lenovo

thinkpad_s2_yoga_gen_6

-

o

lenovo

thinkpad_s2_yoga_gen_7_firmware

Vulnerable

h

lenovo

thinkpad_s2_yoga_gen_7

-

o

lenovo

thinkpad_x13_gen_2_firmware

Vulnerable

h

lenovo

thinkpad_x13_gen_2

-

References

https://support.lenovo.com/us/en/product_security/LEN-134879

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-120

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-17T17:15:10.313

11 months ago

Last modified

2023-08-24T20:27:25.837

11 months ago