CVE-2023-4028

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-4028
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

6.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.lenovo.com/us/en/product_security/LEN-134879 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:h:lenovo:13w_yoga:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:13w_yoga_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:lenovo:13w_yoga_gen_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:13w_yoga_gen_2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:lenovo:ideapad_1-11ada05_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideapad_1-11ada05:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:lenovo:ideapad_1-11igl05_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideapad_1-11igl05:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:lenovo:ideapad_1-14ada05_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideapad_1-14ada05:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:lenovo:ideapad_1-14igl05_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideapad_1-14igl05:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:lenovo:flex_5-14alc05_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_5-14alc05:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:lenovo:flex_5-14are05_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_5-14are05:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:lenovo:flex_5-14iil05_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_5-14iil05:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:lenovo:flex_5-14itl05_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_5-14itl05:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:lenovo:flex_5-15alc05_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_5-15alc05:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:lenovo:flex_5-15iil05_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_5-15iil05:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:lenovo:flex_5-15itl05_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_5-15itl05:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:lenovo:ideapad_flex_5_14abr8_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideapad_flex_5_14abr8:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:lenovo:ideapad_flex_5_14alc7_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideapad_flex_5_14alc7:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:lenovo:ideapad_flex_5_14iau7_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideapad_flex_5_14iau7:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:lenovo:ideapad_flex_5_14iru8_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideapad_flex_5_14iru8:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:lenovo:ideapad_flex_5_16abr8_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideapad_flex_5_16abr8:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:lenovo:ideapad_flex_5_16alc7_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideapad_flex_5_16alc7:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:lenovo:ideapad_flex_5_16iau7_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideapad_flex_5_16iau7:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:lenovo:ideapad_flex_5_16iru8_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideapad_flex_5_16iru8:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:lenovo:flex_7_14iru8_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_7_14iru8:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:lenovo:thinkbook_13s_g2_are_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkbook_13s_g2_are:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:lenovo:thinkbook_13s_g2_itl_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkbook_13s_g2_itl:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:lenovo:thinkbook_13s_g3_acn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkbook_13s_g3_acn:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:lenovo:thinkbook_13s_g4_iap_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkbook_13s_g4_iap:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:lenovo:thinkbook_13x_g2_iap_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkbook_13x_g2_iap:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:lenovo:thinkbook_14s_g2_itl_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkbook_14s_g2_itl:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:lenovo:yoga_9-15imh5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:yoga_9-15imh5:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2023-08-17 17:15

Updated : 2023-08-24 17:53

NVD link : CVE-2023-4028

Mitre link : CVE-2023-4028

CVE.ORG link : CVE-2023-4028

JSON object : View

Products Affected

lenovo

  • thinkbook_13s_g2_are
  • ideapad_flex_5_16abr8
  • thinkbook_14s_g2_itl
  • flex_5-14iil05
  • flex_5-14itl05_firmware
  • ideapad_flex_5_16iru8_firmware
  • yoga_9-15imh5
  • thinkbook_13s_g3_acn
  • flex_5-15alc05_firmware
  • thinkbook_13x_g2_iap_firmware
  • ideapad_flex_5_14abr8
  • flex_5-15alc05
  • thinkbook_13s_g2_itl
  • yoga_9-15imh5_firmware
  • ideapad_flex_5_16iru8
  • thinkbook_13s_g2_itl_firmware
  • flex_5-14itl05
  • flex_5-14alc05
  • ideapad_flex_5_14iru8
  • ideapad_flex_5_16alc7_firmware
  • thinkbook_13s_g3_acn_firmware
  • ideapad_1-11igl05_firmware
  • ideapad_1-14ada05
  • flex_5-15iil05
  • ideapad_flex_5_16alc7
  • 13w_yoga_gen_2_firmware
  • thinkbook_13s_g4_iap
  • flex_5-15itl05_firmware
  • ideapad_flex_5_14iau7_firmware
  • ideapad_flex_5_16abr8_firmware
  • ideapad_flex_5_16iau7_firmware
  • ideapad_1-11ada05
  • ideapad_1-11igl05
  • thinkbook_14s_g2_itl_firmware
  • flex_5-15itl05
  • ideapad_1-11ada05_firmware
  • ideapad_flex_5_14alc7
  • ideapad_flex_5_14alc7_firmware
  • ideapad_flex_5_14iau7
  • ideapad_flex_5_16iau7
  • 13w_yoga
  • ideapad_1-14igl05
  • ideapad_1-14ada05_firmware
  • flex_5-15iil05_firmware
  • ideapad_flex_5_14iru8_firmware
  • flex_7_14iru8
  • thinkbook_13s_g4_iap_firmware
  • flex_5-14are05
  • ideapad_flex_5_14abr8_firmware
  • 13w_yoga_gen_2
  • thinkbook_13x_g2_iap
  • flex_5-14alc05_firmware
  • flex_7_14iru8_firmware
  • 13w_yoga_firmware
  • flex_5-14iil05_firmware
  • flex_5-14are05_firmware
  • thinkbook_13s_g2_are_firmware
  • ideapad_1-14igl05_firmware
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')