Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-43578

A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.7, requiring local system access to exploit with relatively low complexity without requiring user interaction . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 222 products from lenovo, from lenovo, from lenovo and 219 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2023, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2023-11-08T23:15:10.020

Last Modified

2024-11-21T08:24:25.147

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	ideacentre_c5-14imb05_firmware	< o4hkt3ca	Yes
Hardware	lenovo	ideacentre_c5-14imb05	-	No
Operating System	lenovo	ideacentre_3-07ada05_firmware	< o4fkt39a	Yes
Hardware	lenovo	ideacentre_3-07ada05	-	No
Operating System	lenovo	ideacentre_3-07imb05_firmware	< m2vkt21a	Yes
Hardware	lenovo	ideacentre_3-07imb05	-	No
Operating System	lenovo	ideacentre_5_14iab7_firmware	< m42kt46a	Yes
Hardware	lenovo	ideacentre_5_14iab7	-	No
Operating System	lenovo	ideacentre_5_14irb8_firmware	< m4ukt36a	Yes
Hardware	lenovo	ideacentre_5_14irb8	-	No
Operating System	lenovo	ideacentre_5-14acn6_firmware	-	Yes
Hardware	lenovo	ideacentre_5-14acn6	-	No
Operating System	lenovo	ideacentre_t540-15ama_g_firmware	-	Yes
Hardware	lenovo	ideacentre_t540-15ama_g	-	No
Operating System	lenovo	thinkcentre_neo_70t_gen_3_firmware	< m40kt45a	Yes
Hardware	lenovo	thinkcentre_neo_70t_gen_3	-	No
Operating System	lenovo	thinkcentre_neo_50t_gen_3_firmware	< m42kt46a	Yes
Hardware	lenovo	thinkcentre_neo_50t_gen_3	-	No
Operating System	lenovo	thinkcentre_neo_50a_24_gen_4_firmware	< o5xkt18a	Yes
Hardware	lenovo	thinkcentre_neo_50a_24_gen_4	-	No
Operating System	lenovo	thinkcentre_neo_50a_24_gen_3_firmware	< o5rkt41a	Yes
Hardware	lenovo	thinkcentre_neo_50a_24_gen_3	-	No
Operating System	lenovo	thinkcentre_neo_30a_27_gen_4_firmware	< o5nkt33a	Yes
Operating System	lenovo	thinkcentre_neo_30a_27_gen_4_firmware	o5nkt33a	Yes
Hardware	lenovo	thinkcentre_neo_30a_27_gen_4	-	No
Operating System	lenovo	thinkcentre_neo_30a_27_gen_3_firmware	< o5nkt33a	Yes
Hardware	lenovo	thinkcentre_neo_30a_27_gen_3	-	No
Operating System	lenovo	thinkcentre_neo_30a_24_gen_4_firmware	< o5nkt33a	Yes
Hardware	lenovo	thinkcentre_neo_30a_24_gen_4	-	No
Operating System	lenovo	thinkcentre_neo_30a_24_gen_3_firmware	< o5nkt33a	Yes
Hardware	lenovo	thinkcentre_neo_30a_24_gen_3	-	No
Operating System	lenovo	thinkcentre_neo_30a_22_gen_4_firmware	< o5nkt33a	Yes
Hardware	lenovo	thinkcentre_neo_30a_22_gen_4	-	No
Operating System	lenovo	thinkcentre_neo_30a_22_gen_3_firmware	< o5nkt33a	Yes
Hardware	lenovo	thinkcentre_neo_30a_22_gen_3	-	No
Operating System	lenovo	thinkcentre_m920z_all-in-one_firmware	< m1mkt56a	Yes
Hardware	lenovo	thinkcentre_m920z_all-in-one	-	No
Operating System	lenovo	thinkcentre_m90t_gen_3_firmware	< m40kt45a	Yes
Hardware	lenovo	thinkcentre_m90t_gen_3	-	No
Operating System	lenovo	thinkcentre_m90t_firmware	< m2tkt55a	Yes
Hardware	lenovo	thinkcentre_m90t	-	No
Operating System	lenovo	thinkcentre_m90s_gen_3_firmware	< m40kt45a	Yes
Hardware	lenovo	thinkcentre_m90s_gen_3	-	No
Operating System	lenovo	thinkcentre_m90s_firmware	< m2tkt55a	Yes
Hardware	lenovo	thinkcentre_m90s	-	No
Operating System	lenovo	thinkcentre_m90q_tiny_firmware	-	Yes
Hardware	lenovo	thinkcentre_m90q_tiny	-	No
Operating System	lenovo	thinkcentre_m90q_gen_3_firmware	-	Yes
Hardware	lenovo	thinkcentre_m90q_gen_3	-	No
Operating System	lenovo	thinkcentre_m90q_gen_2_firmware	-	Yes
Hardware	lenovo	thinkcentre_m90q_gen_2	-	No
Operating System	lenovo	thinkcentre_m90a_pro_gen_3_firmware	< m4hkt1da	Yes
Hardware	lenovo	thinkcentre_m90a_pro_gen_3	-	No
Operating System	lenovo	thinkcentre_m90a_gen_3_firmware	< m4ikt1da	Yes
Hardware	lenovo	thinkcentre_m90a_gen_3	-	No
Operating System	lenovo	thinkcentre_m90a_gen_2_firmware	< m3lkt2aa	Yes
Hardware	lenovo	thinkcentre_m90a_gen_2	-	No
Operating System	lenovo	thinkcentre_m90a_firmware	< m2rkt57a	Yes
Hardware	lenovo	thinkcentre_m90a	-	No
Operating System	lenovo	thinkcentre_m80t_gen_3_firmware	< m40kt45a	Yes
Hardware	lenovo	thinkcentre_m80t_gen_3	-	No
Operating System	lenovo	thinkcentre_m80t_firmware	< m2tkt55a	Yes
Hardware	lenovo	thinkcentre_m80t	-	No
Operating System	lenovo	thinkcentre_m80s_gen_3_firmware	< m40kt45a	Yes
Hardware	lenovo	thinkcentre_m80s_gen_3	-	No
Operating System	lenovo	thinkcentre_m80s_firmware	< m2tkt55a	Yes
Hardware	lenovo	thinkcentre_m80s	-	No
Operating System	lenovo	thinkcentre_m80q_gen_3_firmware	-	Yes
Hardware	lenovo	thinkcentre_m80q_gen_3	-	No
Operating System	lenovo	thinkcentre_m80q_firmware	-	Yes
Hardware	lenovo	thinkcentre_m80q	-	No
Operating System	lenovo	thinkcentre_m75t_gen_2_firmware	-	Yes
Hardware	lenovo	thinkcentre_m75t_gen_2	-	No
Operating System	lenovo	thinkcentre_m75s_gen_2_firmware	-	Yes
Hardware	lenovo	thinkcentre_m75s_gen_2	-	No
Operating System	lenovo	thinkcentre_m75q_gen_2_firmware	-	Yes
Hardware	lenovo	thinkcentre_m75q_gen_2	-	No
Operating System	lenovo	thinkcentre_m75n_firmware	< m33kt29a	Yes
Hardware	lenovo	thinkcentre_m75n	-	No
Operating System	lenovo	thinkcentre_m70t_gen_3_firmware	< m41kt45a	Yes
Hardware	lenovo	thinkcentre_m70t_gen_3	-	No
Operating System	lenovo	thinkcentre_m70t_firmware	< m2tkt55a	Yes
Hardware	lenovo	thinkcentre_m70t	-	No
Operating System	lenovo	thinkcentre_m70s_gen_3_firmware	< m41kt45a	Yes
Hardware	lenovo	thinkcentre_m70s_gen_3	-	No
Operating System	lenovo	thinkcentre_m70s_firmware	< m2tkt55a	Yes
Hardware	lenovo	thinkcentre_m70s	-	No
Operating System	lenovo	thinkcentre_m70q_gen_2_firmware	-	Yes
Hardware	lenovo	thinkcentre_m70q_gen_2	-	No
Operating System	lenovo	thinkcentre_m70q_firmware	-	Yes
Hardware	lenovo	thinkcentre_m70q	-	No
Operating System	lenovo	thinkcentre_m70c_firmware	< m2vkt21a	Yes
Hardware	lenovo	thinkcentre_m70c	-	No
Operating System	lenovo	thinkcentre_m70a_gen_3_firmware	-	Yes
Hardware	lenovo	thinkcentre_m70a_gen_3	-	No
Operating System	lenovo	thinkcentre_m630e_firmware	< m28kt42a	Yes
Hardware	lenovo	thinkcentre_m630e	-	No
Operating System	lenovo	thinkcentre_m625q_firmware	-	Yes
Hardware	lenovo	thinkcentre_m625q	-	No
Operating System	lenovo	loq_17irb8_firmware	< m4ukt36a	Yes
Hardware	lenovo	loq_17irb8	-	No
Operating System	lenovo	legion_t5_26iab7_firmware	< o5lkt2ba	Yes
Hardware	lenovo	legion_t5_26iab7	-	No
Operating System	lenovo	legion_t7-34imz5_firmware	< o5fkt17a	Yes
Hardware	lenovo	legion_t7-34imz5	-	No
Operating System	lenovo	legion_t7-34iaz7_firmware	< o5hkt2ca	Yes
Hardware	lenovo	legion_t7-34iaz7	-	No
Operating System	lenovo	legion_t7_34irz8_firmware	< o5ukt1fa	Yes
Hardware	lenovo	legion_t7_34irz8	-	No
Operating System	lenovo	legion_t5_26irb8_firmware	< o5tkt1ca	Yes
Hardware	lenovo	legion_t5_26irb8	-	No
Operating System	lenovo	ideacentre_mini_5-01imh05_firmware	-	Yes
Hardware	lenovo	ideacentre_mini_5-01imh05	-	No
Operating System	lenovo	ideacentre_mini_5_01iaq7_firmware	< o53kt10a	Yes
Hardware	lenovo	ideacentre_mini_5_01iaq7	-	No
Operating System	lenovo	ideacentre_gaming_5-14iob6_firmware	< m3gkt3da	Yes
Hardware	lenovo	ideacentre_gaming_5-14iob6	-	No
Operating System	lenovo	ideacentre_gaming_5-14acn6_firmware	-	Yes
Hardware	lenovo	ideacentre_gaming_5-14acn6	-	No
Operating System	lenovo	ideacentre_gaming_5_17iab7_firmware	< m42kt46a	Yes
Hardware	lenovo	ideacentre_gaming_5_17iab7	-	No
Operating System	lenovo	ideacentre_gaming_5_17acn7_firmware	-	Yes
Hardware	lenovo	ideacentre_gaming_5_17acn7	-	No
Operating System	lenovo	ideacentre_g5-14imb05_firmware	< o4hkt3ca	Yes
Hardware	lenovo	ideacentre_g5-14imb05	-	No
Operating System	lenovo	ideacentre_g5-14amr05_firmware	< o4zkt2ba	Yes
Hardware	lenovo	ideacentre_g5-14amr05	-	No
Operating System	lenovo	ideacentre_creator_5-14iob6_firmware	< m3gkt3da	Yes
Hardware	lenovo	ideacentre_creator_5-14iob6	-	No
Operating System	lenovo	ideacentre_aio_5_27iah7_firmware	< o5rkt41a	Yes
Hardware	lenovo	ideacentre_aio_5_27iah7	-	No
Operating System	lenovo	ideacentre_aio_5_24iah7_firmware	< o5rkt41a	Yes
Hardware	lenovo	ideacentre_aio_5_24iah7	-	No
Operating System	lenovo	ideacentre_aio_3-27itl6_firmware	< o5akt34a	Yes
Hardware	lenovo	ideacentre_aio_3-27itl6	-	No
Operating System	lenovo	ideacentre_aio_3-27imb05_firmware	< o4rkt31a	Yes
Hardware	lenovo	ideacentre_aio_3-27imb05	-	No
Operating System	lenovo	ideacentre_aio_3-24itl6_firmware	< o5akt34a	Yes
Hardware	lenovo	ideacentre_aio_3-24itl6	-	No
Operating System	lenovo	ideacentre_aio_3-24imb05_firmware	< o4rkt31a	Yes
Hardware	lenovo	ideacentre_aio_3-24imb05	-	No
Operating System	lenovo	ideacentre_aio_3-24iil5_firmware	< o56kt24a	Yes
Hardware	lenovo	ideacentre_aio_3-24iil5	-	No
Operating System	lenovo	ideacentre_aio_3-24alc6_firmware	< o5bkt25a	Yes
Hardware	lenovo	ideacentre_aio_3-24alc6	-	No
Operating System	lenovo	ideacentre_aio_3-22itl6_firmware	< o5akt34a	Yes
Hardware	lenovo	ideacentre_aio_3-22itl6	-	No
Operating System	lenovo	ideacentre_aio_3-22imb05_firmware	< o4rkt31a	Yes
Hardware	lenovo	ideacentre_aio_3-22imb05	-	No
Operating System	lenovo	ideacentre_aio_3-22iil5_firmware	< o56kt24a	Yes
Hardware	lenovo	ideacentre_aio_3-22iil5	-	No
Operating System	lenovo	ideacentre_aio_3_27iap7_firmware	< o5nkt33a	Yes
Hardware	lenovo	ideacentre_aio_3_27iap7	-	No
Operating System	lenovo	ideacentre_aio_3_24iap7_firmware	< o5nkt33a	Yes
Hardware	lenovo	ideacentre_aio_3_24iap7	-	No
Operating System	lenovo	ideacentre_aio_3_22iap7_firmware	< o5nkt33a	Yes
Hardware	lenovo	ideacentre_aio_3_22iap7	-	No
Operating System	lenovo	ideacentre_aio_3_21itl7_firmware	< o5akt34a	Yes
Hardware	lenovo	ideacentre_aio_3_21itl7	-	No
Operating System	lenovo	ideacentre_5-14iob6_firmware	< m3gkt3da	Yes
Hardware	lenovo	ideacentre_5-14iob6	-	No
Operating System	lenovo	ideacentre_5-14imb05_firmware	< o4hkt3ca	Yes
Hardware	lenovo	ideacentre_5-14imb05	-	No
Operating System	lenovo	v30a-22iml_firmware	< m37kt31a	Yes
Hardware	lenovo	v30a-22iml	-	No
Operating System	lenovo	v30a-22itl_firmware	< o5akt34a	Yes
Hardware	lenovo	v30a-22itl	-	No
Operating System	lenovo	v30a-24iml_firmware	< m37kt31a	Yes
Hardware	lenovo	v30a-24iml	-	No
Operating System	lenovo	v30a-24itl_firmware	< o5akt34a	Yes
Hardware	lenovo	v30a-24itl	-	No
Operating System	lenovo	v50a-22imb_firmware	< m36kt32a	Yes
Hardware	lenovo	v50a-22imb	-	No
Operating System	lenovo	v50a-24imb_firmware	< m36kt32a	Yes
Hardware	lenovo	v50a-24imb	-	No
Operating System	lenovo	v50s-07imb_firmware	< m2vkt21a	Yes
Hardware	lenovo	v50s-07imb	-	No
Operating System	lenovo	v50t-13imb_firmware	< o4hkt3ca	Yes
Hardware	lenovo	v50t-13imb	-	No
Operating System	lenovo	v50t-13imh_firmware	< m4pkt16a	Yes
Hardware	lenovo	v50t-13imh	-	No
Operating System	lenovo	v50t-13iob_firmware	< m3gkt3da	Yes
Hardware	lenovo	v50t-13iob	-	No
Operating System	lenovo	v55t_gen_2_13acn_firmware	< o5jkt2ca	Yes
Hardware	lenovo	v55t_gen_2_13acn	-	No
Operating System	lenovo	yoga_aio_7_27arh7_firmware	-	Yes
Hardware	lenovo	yoga_aio_7_27arh7	-	No
Operating System	lenovo	yoga_aio_7-27arh6_firmware	-	Yes
Hardware	lenovo	yoga_aio_7-27arh6	-	No
Operating System	lenovo	thinkedge_se30_firmware	-	Yes
Hardware	lenovo	thinkedge_se30	-	No
Operating System	lenovo	thinkstation_p920_workstation_firmware	-	Yes
Hardware	lenovo	thinkstation_p920_workstation	-	No
Operating System	lenovo	thinkstation_p720_workstation_firmware	-	Yes
Hardware	lenovo	thinkstation_p720_workstation	-	No
Operating System	lenovo	thinkstation_p520c_workstation_firmware	-	Yes
Hardware	lenovo	thinkstation_p520c_workstation	-	No
Operating System	lenovo	thinkstation_p520_workstation_firmware	-	Yes
Hardware	lenovo	thinkstation_p520_workstation	-	No
Operating System	lenovo	thinkstation_p360_workstation_firmware	-	Yes
Hardware	lenovo	thinkstation_p360_workstation	-	No
Operating System	lenovo	thinkstation_p360_workstation_firmware	< s0ekt45a	Yes
Hardware	lenovo	thinkstation_p360_workstation	-	No
Operating System	lenovo	thinkstation_p360_ultra_workstation_firmware	-	Yes
Hardware	lenovo	thinkstation_p360_ultra_workstation	-	No
Operating System	lenovo	thinkstation_p360_tiny_workstation_firmware	-	Yes
Hardware	lenovo	thinkstation_p360_tiny_workstation	-	No
Operating System	lenovo	thinkstation_p358_workstation_firmware	< s0hkt23a	Yes
Hardware	lenovo	thinkstation_p358_workstation	-	No
Operating System	lenovo	thinkstation_p350_workstation_firmware	-	Yes
Hardware	lenovo	thinkstation_p350_workstation	-	No
Operating System	lenovo	thinkstation_p350_tiny_workstation_firmware	-	Yes
Hardware	lenovo	thinkstation_p350_tiny_workstation	-	No
Operating System	lenovo	thinkstation_p348_workstation_firmware	-	Yes
Hardware	lenovo	thinkstation_p348_workstation	-	No
Operating System	lenovo	thinkstation_p340_workstation_firmware	< s08kt55a	Yes
Hardware	lenovo	thinkstation_p340_workstation	-	No
Operating System	lenovo	thinkstation_p340_tiny_workstation_firmware	-	Yes
Hardware	lenovo	thinkstation_p340_tiny_workstation	-	No
Operating System	lenovo	thinkstation_p330_workstation_2nd_gen_firmware	< m1vkt73a	Yes
Hardware	lenovo	thinkstation_p330_workstation_2nd_gen	-	No
Operating System	lenovo	thinkstation_p330_workstation_firmware	< m1vkt73a	Yes
Hardware	lenovo	thinkstation_p330_workstation	-	No
Operating System	lenovo	thinkstation_p320_workstation_firmware	-	Yes
Hardware	lenovo	thinkstation_p320_workstation	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-141775 Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-141775 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For lenovo's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.