Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-4029

A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

Published

2023-08-17T17:15:10.313

Last Modified

2024-11-21T08:34:15.683

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Primary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	k14_type_21cu_firmware	< 1.12	Yes
Hardware	lenovo	k14_type_21cu	-	No
Operating System	lenovo	k14_type_21cv_firmware	< 1.12	Yes
Hardware	lenovo	k14_type_21cv	-	No
Operating System	lenovo	thinkpad_s2_yoga_gen_8_firmware	< 1.10	Yes
Hardware	lenovo	thinkpad_s2_yoga_gen_8	-	No
Operating System	lenovo	thinkpad_e14_gen_3_firmware	< 1.15	Yes
Hardware	lenovo	thinkpad_e14_gen_3	-	No
Operating System	lenovo	thinkpad_e15_gen_3_firmware	< 1.15	Yes
Hardware	lenovo	thinkpad_e15_gen_3	-	No
Operating System	lenovo	thinkpad_l13_gen_2_firmware	< 1.30	Yes
Hardware	lenovo	thinkpad_l13_gen_2	-	No
Operating System	lenovo	thinkpad_l13_gen_3_firmware	< 1.19	Yes
Hardware	lenovo	thinkpad_l13_gen_3	-	No
Operating System	lenovo	thinkpad_l13_gen_4_firmware	< 1.10	Yes
Hardware	lenovo	thinkpad_l13_gen_4	-	No
Operating System	lenovo	thinkpad_l13_yoga_gen_4_firmware	< 1.10	Yes
Hardware	lenovo	thinkpad_l13_yoga_gen_4	-	No
Operating System	lenovo	thinkpad_l13_yoga_gen_2_firmware	< 1.30	Yes
Hardware	lenovo	thinkpad_l13_yoga_gen_2	-	No
Operating System	lenovo	thinkpad_l13_yoga_gen_3_firmware	< 1.19	Yes
Hardware	lenovo	thinkpad_l13_yoga_gen_3	-	No
Operating System	lenovo	thinkpad_l14_gen_2_firmware	< 1.28	Yes
Hardware	lenovo	thinkpad_l14_gen_2	-	No
Operating System	lenovo	thinkpad_l14_gen_3_firmware	< 1.23	Yes
Hardware	lenovo	thinkpad_l14_gen_3	-	No
Operating System	lenovo	thinkpad_l14_gen_4_firmware	< 1.06	Yes
Hardware	lenovo	thinkpad_l14_gen_4	-	No
Operating System	lenovo	thinkpad_l15_gen_2_firmware	< 1.28	Yes
Hardware	lenovo	thinkpad_l15_gen_2	-	No
Operating System	lenovo	thinkpad_l15_gen_3_firmware	< 1.23	Yes
Hardware	lenovo	thinkpad_l15_gen_3	-	No
Operating System	lenovo	thinkpad_l15_gen_4_firmware	< 1.06	Yes
Hardware	lenovo	thinkpad_l15_gen_4	-	No
Operating System	lenovo	thinkpad_p14s_gen_2_firmware	< 1.34	Yes
Hardware	lenovo	thinkpad_p14s_gen_2	-	No
Operating System	lenovo	thinkpad_t14_gen_2_firmware	< 1.34	Yes
Hardware	lenovo	thinkpad_t14_gen_2	-	No
Operating System	lenovo	thinkpad_t14s_gen_2_firmware	< 1.37	Yes
Hardware	lenovo	thinkpad_t14s_gen_2	-	No
Operating System	lenovo	thinkpad_s2_gen_6_firmware	< 1.30	Yes
Hardware	lenovo	thinkpad_s2_gen_6	-	No
Operating System	lenovo	thinkpad_s2_gen_7_firmware	< 1.19	Yes
Hardware	lenovo	thinkpad_s2_gen_7	-	No
Operating System	lenovo	thinkpad_s2_gen_8_firmware	< 1.10	Yes
Hardware	lenovo	thinkpad_s2_gen_8	-	No
Operating System	lenovo	thinkpad_s2_yoga_gen_6_firmware	< 1.30	Yes
Hardware	lenovo	thinkpad_s2_yoga_gen_6	-	No
Operating System	lenovo	thinkpad_s2_yoga_gen_7_firmware	< 1.19	Yes
Hardware	lenovo	thinkpad_s2_yoga_gen_7	-	No
Operating System	lenovo	thinkpad_x13_gen_2_firmware	< 1.37	Yes
Hardware	lenovo	thinkpad_x13_gen_2	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-134879 Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-134879 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)