CVE-2023-4028
 
Severity Score
6.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
Se ha identificado un desbordamiento de búfer en el controlador SystemUserMasterHddPwdDxe de algunos productos portátiles de Lenovo que puede permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario.
*Credits:
Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-07-31 CVE Reserved
- 2023-08-17 CVE Published
- 2023-08-25 EPSS Updated
- 2024-10-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://support.lenovo.com/us/en/product_security/LEN-134879 | 2023-08-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Lenovo Search vendor "Lenovo" | 13w Yoga Firmware Search vendor "Lenovo" for product "13w Yoga Firmware" | < jacn38ww Search vendor "Lenovo" for product "13w Yoga Firmware" and version " < jacn38ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | 13w Yoga Search vendor "Lenovo" for product "13w Yoga" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | 13w Yoga Gen 2 Firmware Search vendor "Lenovo" for product "13w Yoga Gen 2 Firmware" | < kbcn20ww Search vendor "Lenovo" for product "13w Yoga Gen 2 Firmware" and version " < kbcn20ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | 13w Yoga Gen 2 Search vendor "Lenovo" for product "13w Yoga Gen 2" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Ideapad 1-11ada05 Firmware Search vendor "Lenovo" for product "Ideapad 1-11ada05 Firmware" | < fqcn29ww Search vendor "Lenovo" for product "Ideapad 1-11ada05 Firmware" and version " < fqcn29ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ideapad 1-11ada05 Search vendor "Lenovo" for product "Ideapad 1-11ada05" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Ideapad 1-11igl05 Firmware Search vendor "Lenovo" for product "Ideapad 1-11igl05 Firmware" | < dwcn28ww Search vendor "Lenovo" for product "Ideapad 1-11igl05 Firmware" and version " < dwcn28ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ideapad 1-11igl05 Search vendor "Lenovo" for product "Ideapad 1-11igl05" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Ideapad 1-14ada05 Firmware Search vendor "Lenovo" for product "Ideapad 1-14ada05 Firmware" | < fqcn29ww Search vendor "Lenovo" for product "Ideapad 1-14ada05 Firmware" and version " < fqcn29ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ideapad 1-14ada05 Search vendor "Lenovo" for product "Ideapad 1-14ada05" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Ideapad 1-14igl05 Firmware Search vendor "Lenovo" for product "Ideapad 1-14igl05 Firmware" | < dwcn28ww Search vendor "Lenovo" for product "Ideapad 1-14igl05 Firmware" and version " < dwcn28ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ideapad 1-14igl05 Search vendor "Lenovo" for product "Ideapad 1-14igl05" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Flex 5-14alc05 Firmware Search vendor "Lenovo" for product "Flex 5-14alc05 Firmware" | < gjcn32ww Search vendor "Lenovo" for product "Flex 5-14alc05 Firmware" and version " < gjcn32ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Flex 5-14alc05 Search vendor "Lenovo" for product "Flex 5-14alc05" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Flex 5-14are05 Firmware Search vendor "Lenovo" for product "Flex 5-14are05 Firmware" | < eecn43ww Search vendor "Lenovo" for product "Flex 5-14are05 Firmware" and version " < eecn43ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Flex 5-14are05 Search vendor "Lenovo" for product "Flex 5-14are05" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Flex 5-14iil05 Firmware Search vendor "Lenovo" for product "Flex 5-14iil05 Firmware" | < eccn45ww Search vendor "Lenovo" for product "Flex 5-14iil05 Firmware" and version " < eccn45ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Flex 5-14iil05 Search vendor "Lenovo" for product "Flex 5-14iil05" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Flex 5-14itl05 Firmware Search vendor "Lenovo" for product "Flex 5-14itl05 Firmware" | < fxcn44ww Search vendor "Lenovo" for product "Flex 5-14itl05 Firmware" and version " < fxcn44ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Flex 5-14itl05 Search vendor "Lenovo" for product "Flex 5-14itl05" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Flex 5-15alc05 Firmware Search vendor "Lenovo" for product "Flex 5-15alc05 Firmware" | < gjcn32ww Search vendor "Lenovo" for product "Flex 5-15alc05 Firmware" and version " < gjcn32ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Flex 5-15alc05 Search vendor "Lenovo" for product "Flex 5-15alc05" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Flex 5-15iil05 Firmware Search vendor "Lenovo" for product "Flex 5-15iil05 Firmware" | < eccn45ww Search vendor "Lenovo" for product "Flex 5-15iil05 Firmware" and version " < eccn45ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Flex 5-15iil05 Search vendor "Lenovo" for product "Flex 5-15iil05" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Flex 5-15itl05 Firmware Search vendor "Lenovo" for product "Flex 5-15itl05 Firmware" | < fxcn44ww Search vendor "Lenovo" for product "Flex 5-15itl05 Firmware" and version " < fxcn44ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Flex 5-15itl05 Search vendor "Lenovo" for product "Flex 5-15itl05" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Ideapad Flex 5 14abr8 Firmware Search vendor "Lenovo" for product "Ideapad Flex 5 14abr8 Firmware" | < l7cn17ww Search vendor "Lenovo" for product "Ideapad Flex 5 14abr8 Firmware" and version " < l7cn17ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ideapad Flex 5 14abr8 Search vendor "Lenovo" for product "Ideapad Flex 5 14abr8" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Ideapad Flex 5 14alc7 Firmware Search vendor "Lenovo" for product "Ideapad Flex 5 14alc7 Firmware" | < jccn35ww Search vendor "Lenovo" for product "Ideapad Flex 5 14alc7 Firmware" and version " < jccn35ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ideapad Flex 5 14alc7 Search vendor "Lenovo" for product "Ideapad Flex 5 14alc7" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Ideapad Flex 5 14iau7 Firmware Search vendor "Lenovo" for product "Ideapad Flex 5 14iau7 Firmware" | < j7cn44ww Search vendor "Lenovo" for product "Ideapad Flex 5 14iau7 Firmware" and version " < j7cn44ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ideapad Flex 5 14iau7 Search vendor "Lenovo" for product "Ideapad Flex 5 14iau7" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Ideapad Flex 5 14iru8 Firmware Search vendor "Lenovo" for product "Ideapad Flex 5 14iru8 Firmware" | < l6cn20ww Search vendor "Lenovo" for product "Ideapad Flex 5 14iru8 Firmware" and version " < l6cn20ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ideapad Flex 5 14iru8 Search vendor "Lenovo" for product "Ideapad Flex 5 14iru8" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Ideapad Flex 5 16abr8 Firmware Search vendor "Lenovo" for product "Ideapad Flex 5 16abr8 Firmware" | < l7cn17ww Search vendor "Lenovo" for product "Ideapad Flex 5 16abr8 Firmware" and version " < l7cn17ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ideapad Flex 5 16abr8 Search vendor "Lenovo" for product "Ideapad Flex 5 16abr8" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Ideapad Flex 5 16alc7 Firmware Search vendor "Lenovo" for product "Ideapad Flex 5 16alc7 Firmware" | < jccn35ww Search vendor "Lenovo" for product "Ideapad Flex 5 16alc7 Firmware" and version " < jccn35ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ideapad Flex 5 16alc7 Search vendor "Lenovo" for product "Ideapad Flex 5 16alc7" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Ideapad Flex 5 16iau7 Firmware Search vendor "Lenovo" for product "Ideapad Flex 5 16iau7 Firmware" | < j7cn44ww Search vendor "Lenovo" for product "Ideapad Flex 5 16iau7 Firmware" and version " < j7cn44ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ideapad Flex 5 16iau7 Search vendor "Lenovo" for product "Ideapad Flex 5 16iau7" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Ideapad Flex 5 16iru8 Firmware Search vendor "Lenovo" for product "Ideapad Flex 5 16iru8 Firmware" | < l6cn20ww Search vendor "Lenovo" for product "Ideapad Flex 5 16iru8 Firmware" and version " < l6cn20ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ideapad Flex 5 16iru8 Search vendor "Lenovo" for product "Ideapad Flex 5 16iru8" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Flex 7 14iru8 Firmware Search vendor "Lenovo" for product "Flex 7 14iru8 Firmware" | < l6cn20ww Search vendor "Lenovo" for product "Flex 7 14iru8 Firmware" and version " < l6cn20ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Flex 7 14iru8 Search vendor "Lenovo" for product "Flex 7 14iru8" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Thinkbook 13s G2 Are Firmware Search vendor "Lenovo" for product "Thinkbook 13s G2 Are Firmware" | < fvcn28ww Search vendor "Lenovo" for product "Thinkbook 13s G2 Are Firmware" and version " < fvcn28ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkbook 13s G2 Are Search vendor "Lenovo" for product "Thinkbook 13s G2 Are" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Thinkbook 13s G2 Itl Firmware Search vendor "Lenovo" for product "Thinkbook 13s G2 Itl Firmware" | < f9cn57ww Search vendor "Lenovo" for product "Thinkbook 13s G2 Itl Firmware" and version " < f9cn57ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkbook 13s G2 Itl Search vendor "Lenovo" for product "Thinkbook 13s G2 Itl" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Thinkbook 13s G3 Acn Firmware Search vendor "Lenovo" for product "Thinkbook 13s G3 Acn Firmware" | < gmcn35ww Search vendor "Lenovo" for product "Thinkbook 13s G3 Acn Firmware" and version " < gmcn35ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkbook 13s G3 Acn Search vendor "Lenovo" for product "Thinkbook 13s G3 Acn" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Thinkbook 13s G4 Iap Firmware Search vendor "Lenovo" for product "Thinkbook 13s G4 Iap Firmware" | < hwcn49ww Search vendor "Lenovo" for product "Thinkbook 13s G4 Iap Firmware" and version " < hwcn49ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkbook 13s G4 Iap Search vendor "Lenovo" for product "Thinkbook 13s G4 Iap" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Thinkbook 13x G2 Iap Firmware Search vendor "Lenovo" for product "Thinkbook 13x G2 Iap Firmware" | < hxcn54ww Search vendor "Lenovo" for product "Thinkbook 13x G2 Iap Firmware" and version " < hxcn54ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkbook 13x G2 Iap Search vendor "Lenovo" for product "Thinkbook 13x G2 Iap" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Thinkbook 14s G2 Itl Firmware Search vendor "Lenovo" for product "Thinkbook 14s G2 Itl Firmware" | < f9cn57ww Search vendor "Lenovo" for product "Thinkbook 14s G2 Itl Firmware" and version " < f9cn57ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkbook 14s G2 Itl Search vendor "Lenovo" for product "Thinkbook 14s G2 Itl" | - | - |
Safe
|
Lenovo Search vendor "Lenovo" | Yoga 9-15imh5 Firmware Search vendor "Lenovo" for product "Yoga 9-15imh5 Firmware" | < epcn32ww Search vendor "Lenovo" for product "Yoga 9-15imh5 Firmware" and version " < epcn32ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Yoga 9-15imh5 Search vendor "Lenovo" for product "Yoga 9-15imh5" | - | - |
Safe
|