CVE-2023-4029

A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
lenovok14_type_21cu_firmware
𝑥
< 1.12
lenovok14_type_21cv_firmware
𝑥
< 1.12
lenovothinkpad_s2_yoga_gen_8_firmware
𝑥
< 1.10
lenovothinkpad_e14_gen_3_firmware
𝑥
< 1.15
lenovothinkpad_e15_gen_3_firmware
𝑥
< 1.15
lenovothinkpad_l13_gen_2_firmware
𝑥
< 1.30
lenovothinkpad_l13_gen_3_firmware
𝑥
< 1.19
lenovothinkpad_l13_gen_4_firmware
𝑥
< 1.10
lenovothinkpad_l13_yoga_gen_4_firmware
𝑥
< 1.10
lenovothinkpad_l13_yoga_gen_2_firmware
𝑥
< 1.30
lenovothinkpad_l13_yoga_gen_3_firmware
𝑥
< 1.19
lenovothinkpad_l14_gen_2_firmware
𝑥
< 1.28
lenovothinkpad_l14_gen_3_firmware
𝑥
< 1.23
lenovothinkpad_l14_gen_4_firmware
𝑥
< 1.06
lenovothinkpad_l15_gen_2_firmware
𝑥
< 1.28
lenovothinkpad_l15_gen_3_firmware
𝑥
< 1.23
lenovothinkpad_l15_gen_4_firmware
𝑥
< 1.06
lenovothinkpad_p14s_gen_2_firmware
𝑥
< 1.34
lenovothinkpad_t14_gen_2_firmware
𝑥
< 1.34
lenovothinkpad_t14s_gen_2_firmware
𝑥
< 1.37
lenovothinkpad_s2_gen_6_firmware
𝑥
< 1.30
lenovothinkpad_s2_gen_7_firmware
𝑥
< 1.19
lenovothinkpad_s2_gen_8_firmware
𝑥
< 1.10
lenovothinkpad_s2_yoga_gen_6_firmware
𝑥
< 1.30
lenovothinkpad_s2_yoga_gen_7_firmware
𝑥
< 1.19
lenovothinkpad_x13_gen_2_firmware
𝑥
< 1.37
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
lenovothinkpad
𝑥
< *
ADP
Common Weakness Enumeration
References
https://support.lenovo.com/us/en/product_security/LEN-134879
https://support.lenovo.com/us/en/product_security/LEN-134879