Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-4028

A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

Published

2023-08-17T17:15:10.217

Last Modified

2024-11-21T08:34:15.500

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-120
Type: Primary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	13w_yoga_firmware	< jacn38ww	Yes
Hardware	lenovo	13w_yoga	-	No
Operating System	lenovo	13w_yoga_gen_2_firmware	< kbcn20ww	Yes
Hardware	lenovo	13w_yoga_gen_2	-	No
Operating System	lenovo	ideapad_1-11ada05_firmware	< fqcn29ww	Yes
Hardware	lenovo	ideapad_1-11ada05	-	No
Operating System	lenovo	ideapad_1-11igl05_firmware	< dwcn28ww	Yes
Hardware	lenovo	ideapad_1-11igl05	-	No
Operating System	lenovo	ideapad_1-14ada05_firmware	< fqcn29ww	Yes
Hardware	lenovo	ideapad_1-14ada05	-	No
Operating System	lenovo	ideapad_1-14igl05_firmware	< dwcn28ww	Yes
Hardware	lenovo	ideapad_1-14igl05	-	No
Operating System	lenovo	flex_5-14alc05_firmware	< gjcn32ww	Yes
Hardware	lenovo	flex_5-14alc05	-	No
Operating System	lenovo	flex_5-14are05_firmware	< eecn43ww	Yes
Hardware	lenovo	flex_5-14are05	-	No
Operating System	lenovo	flex_5-14iil05_firmware	< eccn45ww	Yes
Hardware	lenovo	flex_5-14iil05	-	No
Operating System	lenovo	flex_5-14itl05_firmware	< fxcn44ww	Yes
Hardware	lenovo	flex_5-14itl05	-	No
Operating System	lenovo	flex_5-15alc05_firmware	< gjcn32ww	Yes
Hardware	lenovo	flex_5-15alc05	-	No
Operating System	lenovo	flex_5-15iil05_firmware	< eccn45ww	Yes
Hardware	lenovo	flex_5-15iil05	-	No
Operating System	lenovo	flex_5-15itl05_firmware	< fxcn44ww	Yes
Hardware	lenovo	flex_5-15itl05	-	No
Operating System	lenovo	ideapad_flex_5_14abr8_firmware	< l7cn17ww	Yes
Hardware	lenovo	ideapad_flex_5_14abr8	-	No
Operating System	lenovo	ideapad_flex_5_14alc7_firmware	< jccn35ww	Yes
Hardware	lenovo	ideapad_flex_5_14alc7	-	No
Operating System	lenovo	ideapad_flex_5_14iau7_firmware	< j7cn44ww	Yes
Hardware	lenovo	ideapad_flex_5_14iau7	-	No
Operating System	lenovo	ideapad_flex_5_14iru8_firmware	< l6cn20ww	Yes
Hardware	lenovo	ideapad_flex_5_14iru8	-	No
Operating System	lenovo	ideapad_flex_5_16abr8_firmware	< l7cn17ww	Yes
Hardware	lenovo	ideapad_flex_5_16abr8	-	No
Operating System	lenovo	ideapad_flex_5_16alc7_firmware	< jccn35ww	Yes
Hardware	lenovo	ideapad_flex_5_16alc7	-	No
Operating System	lenovo	ideapad_flex_5_16iau7_firmware	< j7cn44ww	Yes
Hardware	lenovo	ideapad_flex_5_16iau7	-	No
Operating System	lenovo	ideapad_flex_5_16iru8_firmware	< l6cn20ww	Yes
Hardware	lenovo	ideapad_flex_5_16iru8	-	No
Operating System	lenovo	flex_7_14iru8_firmware	< l6cn20ww	Yes
Hardware	lenovo	flex_7_14iru8	-	No
Operating System	lenovo	thinkbook_13s_g2_are_firmware	< fvcn28ww	Yes
Hardware	lenovo	thinkbook_13s_g2_are	-	No
Operating System	lenovo	thinkbook_13s_g2_itl_firmware	< f9cn57ww	Yes
Hardware	lenovo	thinkbook_13s_g2_itl	-	No
Operating System	lenovo	thinkbook_13s_g3_acn_firmware	< gmcn35ww	Yes
Hardware	lenovo	thinkbook_13s_g3_acn	-	No
Operating System	lenovo	thinkbook_13s_g4_iap_firmware	< hwcn49ww	Yes
Hardware	lenovo	thinkbook_13s_g4_iap	-	No
Operating System	lenovo	thinkbook_13x_g2_iap_firmware	< hxcn54ww	Yes
Hardware	lenovo	thinkbook_13x_g2_iap	-	No
Operating System	lenovo	thinkbook_14s_g2_itl_firmware	< f9cn57ww	Yes
Hardware	lenovo	thinkbook_14s_g2_itl	-	No
Operating System	lenovo	yoga_9-15imh5_firmware	< epcn32ww	Yes
Hardware	lenovo	yoga_9-15imh5	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-134879 Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-134879 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)