Search criteria
4 vulnerabilities found for Lenovo Notebook by Lenovo
CVE-2023-4028 (GCVE-0-2023-4028)
Vulnerability from nvd – Published: 2023-08-17 16:48 – Updated: 2024-10-08 13:50
VLAI
Summary
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
Severity
6.7 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Lenovo Notebook |
Affected:
various
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_16iau7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_16iau7",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_16iru8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_16iru8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:13w_yoga:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "13w_yoga",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "82s1"
},
{
"status": "affected",
"version": "82s2"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:13w_yoga_gen_2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "13w_yoga_gen_2",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "82yr"
},
{
"status": "affected",
"version": "82y2"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_5-14alc05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_5-14alc05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_5-15alc05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_5-15alc05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-14are05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-14are05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-14iil05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-14iil05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-14itl05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-14itl05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-15alc05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-15alc05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-15iil05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-15iil05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-15itl05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-15itl05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_1-11ada05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_1-11ada05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_1-11igl05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_1-11igl05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_1-14ada05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_1-14ada05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_1-14igl05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_1-14igl05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_14abr8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_14abr8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_14alc7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_14alc7",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_14iau7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_14iau7",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_14iru8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_14iru8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_16abr8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_16abr8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_16alc7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_16alc7",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:flex_7_14iau7_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_7_14iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_7_14iru8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_7_14iru8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13s_g2_are:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13s_g2_are",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13s_g2_itl:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13s_g2_itl",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13s_g3_acn:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13s_g3_acn",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13s_g4_iap:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13s_g4_iap",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13x_g2_iap:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13x_g2_iap",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_14s_g2_itl:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_14s_g2_itl",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:yoga_9-15imh5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yoga_9-15imh5",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4028",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T13:16:57.654067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T13:50:36.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Lenovo Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"value": "A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T16:48:06.884Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2023-4028",
"datePublished": "2023-08-17T16:48:06.884Z",
"dateReserved": "2023-07-31T16:44:11.696Z",
"dateUpdated": "2024-10-08T13:50:36.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34419 (GCVE-0-2023-34419)
Vulnerability from nvd – Published: 2023-08-17 16:49 – Updated: 2024-08-02 16:10
VLAI
Summary
A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
Severity
6.7 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Lenovo Notebook |
Affected:
various
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Lenovo Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"value": "A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T16:49:12.282Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2023-34419",
"datePublished": "2023-08-17T16:49:12.282Z",
"dateReserved": "2023-06-05T19:15:31.605Z",
"dateUpdated": "2024-08-02T16:10:06.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34419 (GCVE-0-2023-34419)
Vulnerability from cvelistv5 – Published: 2023-08-17 16:49 – Updated: 2024-08-02 16:10
VLAI
Summary
A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
Severity
6.7 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Lenovo Notebook |
Affected:
various
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Lenovo Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"value": "A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T16:49:12.282Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2023-34419",
"datePublished": "2023-08-17T16:49:12.282Z",
"dateReserved": "2023-06-05T19:15:31.605Z",
"dateUpdated": "2024-08-02T16:10:06.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4028 (GCVE-0-2023-4028)
Vulnerability from cvelistv5 – Published: 2023-08-17 16:48 – Updated: 2024-10-08 13:50
VLAI
Summary
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
Severity
6.7 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Lenovo Notebook |
Affected:
various
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_16iau7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_16iau7",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_16iru8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_16iru8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:13w_yoga:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "13w_yoga",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "82s1"
},
{
"status": "affected",
"version": "82s2"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:13w_yoga_gen_2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "13w_yoga_gen_2",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "82yr"
},
{
"status": "affected",
"version": "82y2"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_5-14alc05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_5-14alc05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_5-15alc05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_5-15alc05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-14are05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-14are05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-14iil05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-14iil05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-14itl05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-14itl05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-15alc05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-15alc05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-15iil05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-15iil05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_5-15itl05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_5-15itl05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_1-11ada05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_1-11ada05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_1-11igl05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_1-11igl05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_1-14ada05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_1-14ada05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_1-14igl05:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_1-14igl05",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_14abr8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_14abr8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_14alc7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_14alc7",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_14iau7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_14iau7",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_14iru8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_14iru8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_16abr8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_16abr8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:ideapad_flex_5_16alc7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ideapad_flex_5_16alc7",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:flex_7_14iau7_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_7_14iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:flex_7_14iru8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flex_7_14iru8",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13s_g2_are:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13s_g2_are",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13s_g2_itl:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13s_g2_itl",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13s_g3_acn:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13s_g3_acn",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13s_g4_iap:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13s_g4_iap",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_13x_g2_iap:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_13x_g2_iap",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkbook_14s_g2_itl:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkbook_14s_g2_itl",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:yoga_9-15imh5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yoga_9-15imh5",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4028",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T13:16:57.654067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T13:50:36.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Lenovo Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"value": "A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T16:48:06.884Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2023-4028",
"datePublished": "2023-08-17T16:48:06.884Z",
"dateReserved": "2023-07-31T16:44:11.696Z",
"dateUpdated": "2024-10-08T13:50:36.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}