CVE-2024-23594

EUVD-2024-21088
A buffer overflow vulnerability was reported

in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014


 that could allow a privileged attacker with local access to execute arbitrary code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
lenovopreload_directory
7 ≤
𝑥
≤ 8
ADP
Windows Releases
Platform
Version
Windows 10
1809 (arm64, x64, x86)
KB5036896
21H2 (arm64, x64, x86)
KB5036892
22H2 (arm64, x64, x86)
KB5036892
Windows 11
21H2 (arm64, x64)
KB5036894
22H2 (arm64, x64)
KB5036893
23H2 (arm64, x64)
KB5036893
Windows Server 2019
Server Core
KB5036896
Standard
KB5036896
Windows Server 2022
23H2 Server Core
KB5036910
Server Core
KB5036909
Standard
KB5036909
Common Weakness Enumeration
References
https://support.lenovo.com/us/en/product_security/LEN-132277
https://support.lenovo.com/us/en/product_security/LEN-132277