CVE-2023-4028
Summary
| CVE | CVE-2023-4028 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-08-17 17:15:00 UTC |
| Updated | 2023-08-24 17:53:00 UTC |
| Description | A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. |
Risk And Classification
Problem Types: CWE-120
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Lenovo | 13w Yoga | - | All | All | All |
| Operating System | Lenovo | 13w Yoga Firmware | All | All | All | All |
| Hardware | Lenovo | 13w Yoga Gen 2 | - | All | All | All |
| Operating System | Lenovo | 13w Yoga Gen 2 Firmware | All | All | All | All |
| Hardware | Lenovo | Flex 5-14alc05 | - | All | All | All |
| Operating System | Lenovo | Flex 5-14alc05 Firmware | All | All | All | All |
| Hardware | Lenovo | Flex 5-14are05 | - | All | All | All |
| Operating System | Lenovo | Flex 5-14are05 Firmware | All | All | All | All |
| Hardware | Lenovo | Flex 5-14iil05 | - | All | All | All |
| Operating System | Lenovo | Flex 5-14iil05 Firmware | All | All | All | All |
| Hardware | Lenovo | Flex 5-14itl05 | - | All | All | All |
| Operating System | Lenovo | Flex 5-14itl05 Firmware | All | All | All | All |
| Hardware | Lenovo | Flex 5-15alc05 | - | All | All | All |
| Operating System | Lenovo | Flex 5-15alc05 Firmware | All | All | All | All |
| Hardware | Lenovo | Flex 5-15iil05 | - | All | All | All |
| Operating System | Lenovo | Flex 5-15iil05 Firmware | All | All | All | All |
| Hardware | Lenovo | Flex 5-15itl05 | - | All | All | All |
| Operating System | Lenovo | Flex 5-15itl05 Firmware | All | All | All | All |
| Hardware | Lenovo | Flex 7 14iru8 | - | All | All | All |
| Operating System | Lenovo | Flex 7 14iru8 Firmware | All | All | All | All |
| Hardware | Lenovo | Ideapad 1-11ada05 | - | All | All | All |
| Operating System | Lenovo | Ideapad 1-11ada05 Firmware | All | All | All | All |
| Hardware | Lenovo | Ideapad 1-11igl05 | - | All | All | All |
| Operating System | Lenovo | Ideapad 1-11igl05 Firmware | All | All | All | All |
| Hardware | Lenovo | Ideapad 1-14ada05 | - | All | All | All |
| Operating System | Lenovo | Ideapad 1-14ada05 Firmware | All | All | All | All |
| Hardware | Lenovo | Ideapad 1-14igl05 | - | All | All | All |
| Operating System | Lenovo | Ideapad 1-14igl05 Firmware | All | All | All | All |
| Hardware | Lenovo | Ideapad Flex 5 14abr8 | - | All | All | All |
| Operating System | Lenovo | Ideapad Flex 5 14abr8 Firmware | All | All | All | All |
| Hardware | Lenovo | Ideapad Flex 5 14alc7 | - | All | All | All |
| Operating System | Lenovo | Ideapad Flex 5 14alc7 Firmware | All | All | All | All |
| Hardware | Lenovo | Ideapad Flex 5 14iau7 | - | All | All | All |
| Operating System | Lenovo | Ideapad Flex 5 14iau7 Firmware | All | All | All | All |
| Hardware | Lenovo | Ideapad Flex 5 14iru8 | - | All | All | All |
| Operating System | Lenovo | Ideapad Flex 5 14iru8 Firmware | All | All | All | All |
| Hardware | Lenovo | Ideapad Flex 5 16abr8 | - | All | All | All |
| Operating System | Lenovo | Ideapad Flex 5 16abr8 Firmware | All | All | All | All |
| Hardware | Lenovo | Ideapad Flex 5 16alc7 | - | All | All | All |
| Operating System | Lenovo | Ideapad Flex 5 16alc7 Firmware | All | All | All | All |
| Hardware | Lenovo | Ideapad Flex 5 16iau7 | - | All | All | All |
| Operating System | Lenovo | Ideapad Flex 5 16iau7 Firmware | All | All | All | All |
| Hardware | Lenovo | Ideapad Flex 5 16iru8 | - | All | All | All |
| Operating System | Lenovo | Ideapad Flex 5 16iru8 Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkbook 13s G2 Are | - | All | All | All |
| Operating System | Lenovo | Thinkbook 13s G2 Are Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkbook 13s G2 Itl | - | All | All | All |
| Operating System | Lenovo | Thinkbook 13s G2 Itl Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkbook 13s G3 Acn | - | All | All | All |
| Operating System | Lenovo | Thinkbook 13s G3 Acn Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkbook 13s G4 Iap | - | All | All | All |
| Operating System | Lenovo | Thinkbook 13s G4 Iap Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkbook 13x G2 Iap | - | All | All | All |
| Operating System | Lenovo | Thinkbook 13x G2 Iap Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkbook 14s G2 Itl | - | All | All | All |
| Operating System | Lenovo | Thinkbook 14s G2 Itl Firmware | All | All | All | All |
| Hardware | Lenovo | Yoga 9-15imh5 | - | All | All | All |
| Operating System | Lenovo | Yoga 9-15imh5 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Multi-vendor BIOS Security Vulnerabilities (August 2023) - Lenovo Support US | MISC | support.lenovo.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.