Skip to main content

Ideacentre C5 14Imb05 Firmware CVE-2023-45079

MEDIUM
Out-of-bounds Read (CWE-125)
2023-11-08 psirt@lenovo.com
Buffer Overflow Information Disclosure Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware Ideacentre G5 14Imb05 Firmware Ideacentre 5 14Iob6 Firmware Ideacentre Creator 5 14Iob6 Firmware Ideacentre G5 14Amr05 Firmware Ideacentre Gaming 5 14Iob6 Firmware Ideacentre Mini 5 01Iaq7 Firmware Ideacentre Mini 5 01Imh05 Firmware Legion T7 34Imz5 Firmware Thinkcentre M625Q Firmware Thinkcentre M630E Firmware Thinkcentre M70A Firmware Thinkcentre M920Z All In One Firmware Thinkcentre M920X Firmware Thinkcentre M920T Firmware Thinkcentre M920S Firmware Thinkcentre M920Q Firmware Thinkcentre M90T Firmware Thinkcentre M90S Firmware Thinkcentre M90Q Tiny Firmware Thinkcentre M90A Firmware Thinkcentre M820Z All In One Firmware Thinkcentre M80T Firmware Thinkcentre M80S Firmware Thinkcentre M80Q Firmware Thinkcentre M75T Gen 2 Firmware Thinkcentre M75S Gen 2 Firmware Thinkcentre M75Q Gen 2 Firmware Thinkcentre M75N Firmware Thinkcentre M720T Firmware Thinkcentre M720S Firmware Thinkcentre M720Q Firmware Thinkcentre M70T Firmware Thinkcentre M70S Firmware Thinkcentre M70Q Firmware Thinkcentre M70C Firmware V50T 13Iob G2 Firmware V55T Gen 2 13Acn Firmware V50T 13Imh Firmware V50T 13Imb Firmware V50S 07Imb Firmware V50A 24Imb Firmware V50A 22Imb Firmware V30A 24Iml Firmware V30A 22Iml Firmware Thinkedge Se30 Firmware Thinkstation P920 Workstation Firmware Thinkstation P720 Workstation Firmware Thinkstation P520C Workstation Firmware Thinkstation P520 Workstation Firmware Thinkstation P360 Workstation Firmware Thinkstation P350 Workstation Firmware Thinkstation P348 Workstation Firmware Thinkstation P340 Workstation Firmware Thinkstation P340 Tiny Workstation Firmware Thinkstation P330 Workstation 2Nd Gen Firmware Thinkstation P330 Workstation Firmware Thinkstation P330 Tiny Workstation Firmware Thinkstation P320 Workstation Firmware
6.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 08, 2023 - 23:15 nvd
MEDIUM 6.7

DescriptionNVD

A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

AnalysisAI

A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Affected products include: Lenovo Ideacentre C5-14Imb05 Firmware, Lenovo Ideacentre 3-07Ada05 Firmware, Lenovo Ideacentre 3-07Imb05 Firmware, Lenovo Ideacentre G5-14Imb05 Firmware, Lenovo Ideacentre 5-14Iob6 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2023-45078 MEDIUM
6.7 Nov 08

A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with el

CVE-2023-45077 MEDIUM
6.7 Nov 08

A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated pri

CVE-2023-45076 MEDIUM
6.7 Nov 08

A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated pri

CVE-2023-45075 MEDIUM
6.7 Nov 08

A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated

CVE-2023-43581 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker

CVE-2023-43580 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacke

CVE-2023-43579 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker w

CVE-2023-43578 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker wi

CVE-2023-43577 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker wit

CVE-2023-43576 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker wi

CVE-2023-43575 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local a

CVE-2023-43573 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may al

Share

CVE-2023-45079 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy