CVSS: 6.7EPSS: 0%CPEs: 52EXPL: 0CVE-2023-4029
https://notcve.org/view.php?id=CVE-2023-4029
17 Aug 2023 — A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. Se ha identificado un desbordamiento de búfer en el controlador BoardUpdateAcpiDxe de algunos productos ThinkPad de Lenovo que puede permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-134879 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.4EPSS: 0%CPEs: 673EXPL: 0CVE-2022-40134
https://notcve.org/view.php?id=CVE-2022-40134
30 Jan 2023 — An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. • https://support.lenovo.com/us/en/product_security/LEN-94953 • CWE-125: Out-of-bounds Read •