Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-45079

A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.7, requiring local system access to exploit with relatively low complexity without requiring user interaction . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 122 products from lenovo, from lenovo, from lenovo and 119 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2023, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2023-11-08T23:15:11.617

Last Modified

2024-11-21T08:26:21.217

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	ideacentre_c5-14imb05_firmware	< o4hkt3ca	Yes
Hardware	lenovo	ideacentre_c5-14imb05	-	No
Operating System	lenovo	ideacentre_3-07ada05_firmware	< o4fkt39a	Yes
Hardware	lenovo	ideacentre_3-07ada05	-	No
Operating System	lenovo	ideacentre_3-07imb05_firmware	< m2vkt21a	Yes
Hardware	lenovo	ideacentre_3-07imb05	-	No
Operating System	lenovo	ideacentre_g5-14imb05_firmware	< o4hkt3ca	Yes
Hardware	lenovo	ideacentre_g5-14imb05	-	No
Operating System	lenovo	ideacentre_5-14iob6_firmware	< m3gkt3da	Yes
Hardware	lenovo	ideacentre_5-14iob6	-	No
Operating System	lenovo	ideacentre_creator_5-14iob6_firmware	< m3gkt3da	Yes
Hardware	lenovo	ideacentre_creator_5-14iob6	-	No
Operating System	lenovo	ideacentre_g5-14amr05_firmware	< o4zkt2ba	Yes
Hardware	lenovo	ideacentre_g5-14amr05	-	No
Operating System	lenovo	ideacentre_g5-14imb05_firmware	< o4hkt3ca	Yes
Hardware	lenovo	ideacentre_g5-14imb05	-	No
Operating System	lenovo	ideacentre_gaming_5-14iob6_firmware	< m3gkt3da	Yes
Hardware	lenovo	ideacentre_gaming_5-14iob6	-	No
Operating System	lenovo	ideacentre_mini_5_01iaq7_firmware	< o53kt10a	Yes
Hardware	lenovo	ideacentre_mini_5_01iaq7	-	No
Operating System	lenovo	ideacentre_mini_5-01imh05_firmware	< o4ekt1ba	Yes
Hardware	lenovo	ideacentre_mini_5-01imh05	-	No
Operating System	lenovo	legion_t7-34imz5_firmware	< o5fkt17a	Yes
Hardware	lenovo	legion_t7-34imz5	-	No
Operating System	lenovo	thinkcentre_m625q_firmware	< m1wkt52a	Yes
Hardware	lenovo	thinkcentre_m625q	-	No
Operating System	lenovo	thinkcentre_m630e_firmware	-	Yes
Hardware	lenovo	thinkcentre_m630e	-	No
Operating System	lenovo	thinkcentre_m70a_firmware	< m2skt29a	Yes
Hardware	lenovo	thinkcentre_m70a	-	No
Operating System	lenovo	thinkcentre_m920z_all-in-one_firmware	< m1mkt56a	Yes
Hardware	lenovo	thinkcentre_m920z_all-in-one	-	No
Operating System	lenovo	thinkcentre_m920x_firmware	< m1ukt72a	Yes
Hardware	lenovo	thinkcentre_m920x	-	No
Operating System	lenovo	thinkcentre_m920t_firmware	< m1ukt72a	Yes
Hardware	lenovo	thinkcentre_m920t	-	No
Operating System	lenovo	thinkcentre_m920s_firmware	< m1ukt72a	Yes
Hardware	lenovo	thinkcentre_m920s	-	No
Operating System	lenovo	thinkcentre_m920q_firmware	< m1ukt72a	Yes
Hardware	lenovo	thinkcentre_m920q	-	No
Operating System	lenovo	thinkcentre_m90t_firmware	< m2tkt55a	Yes
Hardware	lenovo	thinkcentre_m90t	-	No
Operating System	lenovo	thinkcentre_m90s_firmware	< m2tkt55a	Yes
Hardware	lenovo	thinkcentre_m90s	-	No
Operating System	lenovo	thinkcentre_m90q_tiny_firmware	< m2wkt5aa	Yes
Hardware	lenovo	thinkcentre_m90q_tiny	-	No
Operating System	lenovo	thinkcentre_m90a_firmware	< m2rkt57a	Yes
Hardware	lenovo	thinkcentre_m90a	-	No
Operating System	lenovo	thinkcentre_m820z_all-in-one_firmware	< m1nkt62a	Yes
Hardware	lenovo	thinkcentre_m820z_all-in-one	-	No
Operating System	lenovo	thinkcentre_m80t_firmware	< m2tkt55a	Yes
Hardware	lenovo	thinkcentre_m80t	-	No
Operating System	lenovo	thinkcentre_m80s_firmware	< m2tkt55a	Yes
Hardware	lenovo	thinkcentre_m80s	-	No
Operating System	lenovo	thinkcentre_m80q_firmware	< m2wkt5aa	Yes
Hardware	lenovo	thinkcentre_m80q	-	No
Operating System	lenovo	thinkcentre_m75t_gen_2_firmware	-	Yes
Hardware	lenovo	thinkcentre_m75t_gen_2	-	No
Operating System	lenovo	thinkcentre_m75s_gen_2_firmware	-	Yes
Hardware	lenovo	thinkcentre_m75s_gen_2	-	No
Operating System	lenovo	thinkcentre_m75q_gen_2_firmware	< m47kt30a	Yes
Hardware	lenovo	thinkcentre_m75q_gen_2	-	No
Operating System	lenovo	thinkcentre_m75n_firmware	< m33kt27a	Yes
Hardware	lenovo	thinkcentre_m75n	-	No
Operating System	lenovo	thinkcentre_m720t_firmware	< m1ukt72a	Yes
Hardware	lenovo	thinkcentre_m720t	-	No
Operating System	lenovo	thinkcentre_m720s_firmware	< m1ukt72a	Yes
Hardware	lenovo	thinkcentre_m720s	-	No
Operating System	lenovo	thinkcentre_m720q_firmware	< m1ukt72a	Yes
Hardware	lenovo	thinkcentre_m720q	-	No
Operating System	lenovo	thinkcentre_m70t_firmware	< m2tkt55a	Yes
Hardware	lenovo	thinkcentre_m70t	-	No
Operating System	lenovo	thinkcentre_m70s_firmware	< m2tkt55a	Yes
Hardware	lenovo	thinkcentre_m70s	-	No
Operating System	lenovo	thinkcentre_m70q_firmware	< m2wkt5aa	Yes
Hardware	lenovo	thinkcentre_m70q	-	No
Operating System	lenovo	thinkcentre_m70c_firmware	< m2vkt21a	Yes
Hardware	lenovo	thinkcentre_m70c	-	No
Operating System	lenovo	v50t-13iob_g2_firmware	< m3gkt3da	Yes
Hardware	lenovo	v50t-13iob_g2	-	No
Operating System	lenovo	v55t_gen_2_13acn_firmware	< o5jkt23a	Yes
Hardware	lenovo	v55t_gen_2_13acn	-	No
Operating System	lenovo	v50t-13imh_firmware	< m4pkt13a	Yes
Hardware	lenovo	v50t-13imh	-	No
Operating System	lenovo	v50t-13imb_firmware	< o4hkt3ca	Yes
Hardware	lenovo	v50t-13imb	-	No
Operating System	lenovo	v50s-07imb_firmware	< m2vkt21a	Yes
Hardware	lenovo	v50s-07imb	-	No
Operating System	lenovo	v50a-24imb_firmware	< m36kt32a	Yes
Hardware	lenovo	v50a-24imb	-	No
Operating System	lenovo	v50a-22imb_firmware	< m36kt32a	Yes
Hardware	lenovo	v50a-22imb	-	No
Operating System	lenovo	v30a-24iml_firmware	< m37kt31a	Yes
Hardware	lenovo	v30a-24iml	-	No
Operating System	lenovo	v30a-22iml_firmware	< m37kt31a	Yes
Hardware	lenovo	v30a-22iml	-	No
Operating System	lenovo	thinkcentre_m70c_firmware	< m2vkt21a	Yes
Hardware	lenovo	thinkcentre_m70c	-	No
Operating System	lenovo	thinkedge_se30_firmware	< m3fkt2da	Yes
Hardware	lenovo	thinkedge_se30	-	No
Operating System	lenovo	thinkstation_p920_workstation_firmware	-	Yes
Hardware	lenovo	thinkstation_p920_workstation	-	No
Operating System	lenovo	thinkstation_p720_workstation_firmware	-	Yes
Hardware	lenovo	thinkstation_p720_workstation	-	No
Operating System	lenovo	thinkstation_p520c_workstation_firmware	-	Yes
Hardware	lenovo	thinkstation_p520c_workstation	-	No
Operating System	lenovo	thinkstation_p520_workstation_firmware	-	Yes
Hardware	lenovo	thinkstation_p520_workstation	-	No
Operating System	lenovo	thinkstation_p360_workstation_firmware	-	Yes
Hardware	lenovo	thinkstation_p360_workstation	-	No
Operating System	lenovo	thinkstation_p360_workstation_firmware	< s0ekt45a	Yes
Hardware	lenovo	thinkstation_p360_workstation	-	No
Operating System	lenovo	thinkstation_p350_workstation_firmware	-	Yes
Hardware	lenovo	thinkstation_p350_workstation	-	No
Operating System	lenovo	thinkstation_p348_workstation_firmware	< m3kkt3ba	Yes
Hardware	lenovo	thinkstation_p348_workstation	-	No
Operating System	lenovo	thinkstation_p340_workstation_firmware	< s08kt55a	Yes
Hardware	lenovo	thinkstation_p340_workstation	-	No
Operating System	lenovo	thinkstation_p340_tiny_workstation_firmware	< m2wkt5aa	Yes
Hardware	lenovo	thinkstation_p340_tiny_workstation	-	No
Operating System	lenovo	thinkstation_p330_workstation_2nd_gen_firmware	< m1vkt72a	Yes
Hardware	lenovo	thinkstation_p330_workstation_2nd_gen	-	No
Operating System	lenovo	thinkstation_p330_workstation_firmware	< m1vkt72a	Yes
Hardware	lenovo	thinkstation_p330_workstation	-	No
Operating System	lenovo	thinkstation_p330_tiny_workstation_firmware	< m1ukt72a	Yes
Hardware	lenovo	thinkstation_p330_tiny_workstation	-	No
Operating System	lenovo	thinkstation_p320_workstation_firmware	< s06kt64a	Yes
Hardware	lenovo	thinkstation_p320_workstation	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-141775 Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-141775 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For lenovo's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.