Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-40136

Summary
Assigner-lenovo
Assigner Org ID-da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At-30 Jan, 2023 | 21:20
Updated At-27 Mar, 2025 | 15:25
Rejected At-
Credits

An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:lenovo
Assigner Org ID:da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At:30 Jan, 2023 | 21:20
Updated At:27 Mar, 2025 | 15:25
Rejected At:
▼CVE Numbering Authority (CNA)

An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

Affected Products
Vendor
Lenovo Group LimitedLenovo
Product
BIOS
Default Status
unaffected
Versions
Affected
  • various
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125 Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125 Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-94953.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/LEN-94953
N/A
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-94953
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/LEN-94953
x_transferred
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-94953
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@lenovo.com
Published At:30 Jan, 2023 | 22:15
Updated At:15 Feb, 2023 | 15:48

An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Secondary3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Lenovo Group Limited
lenovo
>>ideacentre_c5-14imb05_firmware>>Versions before o4hkt38a(exclusive)
cpe:2.3:o:lenovo:ideacentre_c5-14imb05_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_c5-14imb05>>-
cpe:2.3:h:lenovo:ideacentre_c5-14imb05:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkcentre_e96z_firmware>>Versions before m26kt22a(exclusive)
cpe:2.3:o:lenovo:thinkcentre_e96z_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkcentre_e96z>>-
cpe:2.3:h:lenovo:thinkcentre_e96z:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_3_07iab7_firmware>>Versions before m49kt1da(exclusive)
cpe:2.3:o:lenovo:ideacentre_3_07iab7_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_3_07iab7>>-
cpe:2.3:h:lenovo:ideacentre_3_07iab7:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_3-07imb05_firmware>>Versions before m2vkt1da(exclusive)
cpe:2.3:o:lenovo:ideacentre_3-07imb05_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_3-07imb05>>-
cpe:2.3:h:lenovo:ideacentre_3-07imb05:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_5_14iab7_firmware>>Versions before m42kt40a(exclusive)
cpe:2.3:o:lenovo:ideacentre_5_14iab7_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_5_14iab7>>-
cpe:2.3:h:lenovo:ideacentre_5_14iab7:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_5-14acn6_firmware>>Versions before o5ekt21a(exclusive)
cpe:2.3:o:lenovo:ideacentre_5-14acn6_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_5-14acn6>>-
cpe:2.3:h:lenovo:ideacentre_5-14acn6:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_5-14imb05_firmware>>Versions before o4hkt38a(exclusive)
cpe:2.3:o:lenovo:ideacentre_5-14imb05_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_5-14imb05>>-
cpe:2.3:h:lenovo:ideacentre_5-14imb05:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_5-14iob6_firmware>>Versions before m3gkt33a(exclusive)
cpe:2.3:o:lenovo:ideacentre_5-14iob6_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_5-14iob6>>-
cpe:2.3:h:lenovo:ideacentre_5-14iob6:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_creator_5-14iob6_firmware>>Versions up to m3gkt33a(inclusive)
cpe:2.3:o:lenovo:ideacentre_creator_5-14iob6_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_creator_5-14iob6>>-
cpe:2.3:h:lenovo:ideacentre_creator_5-14iob6:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_g5-14imb05_firmware>>Versions before o4hkt38a(exclusive)
cpe:2.3:o:lenovo:ideacentre_g5-14imb05_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_g5-14imb05>>-
cpe:2.3:h:lenovo:ideacentre_g5-14imb05:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_gaming_5_17acn7_firmware>>Versions before o5ekt21a(exclusive)
cpe:2.3:o:lenovo:ideacentre_gaming_5_17acn7_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_gaming_5_17acn7>>-
cpe:2.3:h:lenovo:ideacentre_gaming_5_17acn7:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_gaming_5_17iab7_firmware>>Versions before m42kt40a(exclusive)
cpe:2.3:o:lenovo:ideacentre_gaming_5_17iab7_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_gaming_5_17iab7>>-
cpe:2.3:h:lenovo:ideacentre_gaming_5_17iab7:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_gaming_5-14acn6_firmware>>Versions before o5ekt21a(exclusive)
cpe:2.3:o:lenovo:ideacentre_gaming_5-14acn6_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_gaming_5-14acn6>>-
cpe:2.3:h:lenovo:ideacentre_gaming_5-14acn6:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_gaming_5-14iob6_firmware>>Versions before m3gkt33a(exclusive)
cpe:2.3:o:lenovo:ideacentre_gaming_5-14iob6_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideacentre_gaming_5-14iob6>>-
cpe:2.3:h:lenovo:ideacentre_gaming_5-14iob6:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>legion_c530-19icb_firmware>>Versions before o4bkt20a(exclusive)
cpe:2.3:o:lenovo:legion_c530-19icb_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>legion_c530-19icb>>-
cpe:2.3:h:lenovo:legion_c530-19icb:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>legion_t5-26iob6_firmware>>Versions before o54kt1da(exclusive)
cpe:2.3:o:lenovo:legion_t5-26iob6_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>legion_t5-26iob6>>-
cpe:2.3:h:lenovo:legion_t5-26iob6:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>legion_t5-28icb05_firmware>>Versions before o4bkt20a(exclusive)
cpe:2.3:o:lenovo:legion_t5-28icb05_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>legion_t5-28icb05>>-
cpe:2.3:h:lenovo:legion_t5-28icb05:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>legion_t530-28apr_firmware>>Versions before o4gkt16a(exclusive)
cpe:2.3:o:lenovo:legion_t530-28apr_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>legion_t530-28apr>>-
cpe:2.3:h:lenovo:legion_t530-28apr:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>legion_t530-28icb_firmware>>Versions before o4bkt20a(exclusive)
cpe:2.3:o:lenovo:legion_t530-28icb_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>legion_t530-28icb>>-
cpe:2.3:h:lenovo:legion_t530-28icb:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>legion_t7-34imz5_firmware>>Versions before o4lkt1ea(exclusive)
cpe:2.3:o:lenovo:legion_t7-34imz5_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>legion_t7-34imz5>>-
cpe:2.3:h:lenovo:legion_t7-34imz5:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkcentre_m70q_gen_2_firmware>>Versions before m2wkt57a(exclusive)
cpe:2.3:o:lenovo:thinkcentre_m70q_gen_2_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkcentre_m70q_gen_2>>-
cpe:2.3:h:lenovo:thinkcentre_m70q_gen_2:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkcentre_m710t_firmware>>Versions before m16kt68a(exclusive)
cpe:2.3:o:lenovo:thinkcentre_m710t_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkcentre_m710t>>-
cpe:2.3:h:lenovo:thinkcentre_m710t:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkcentre_m60e_tiny_firmware>>Versions before m3skt21a(exclusive)
cpe:2.3:o:lenovo:thinkcentre_m60e_tiny_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkcentre_m60e_tiny>>-
cpe:2.3:h:lenovo:thinkcentre_m60e_tiny:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkcentre_m625q_firmware>>Versions before m1wkt45a(exclusive)
cpe:2.3:o:lenovo:thinkcentre_m625q_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkcentre_m625q>>-
cpe:2.3:h:lenovo:thinkcentre_m625q:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkcentre_m630e_firmware>>Versions before m28kt37a(exclusive)
cpe:2.3:o:lenovo:thinkcentre_m630e_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkcentre_m630e>>-
cpe:2.3:h:lenovo:thinkcentre_m630e:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE-125Secondarypsirt@lenovo.com
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-125
Type: Secondary
Source: psirt@lenovo.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.lenovo.com/us/en/product_security/LEN-94953psirt@lenovo.com
Vendor Advisory
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-94953
Source: psirt@lenovo.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

246Records found
CVE-2024-11679
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.69%
||
7 Day CHG~0.00%
Published-11 Apr, 2025 | 18:21
Updated-15 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation weakness was reported in the TpmSetup module for some legacy System x server products that could allow a local attacker with elevated privileges to read the contents of memory.

Action-Not Available
Vendor-Lenovo Group Limited
Product-System x3550 M5System x3560 M5
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-4434
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.93%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 17:32
Updated-10 Apr, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_x13s_firmwarethinkpad_x13sThinkPad X13s
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-43574
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 8.58%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 22:35
Updated-03 Sep, 2024 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkcentre_m70q_firmwarethinkcentre_m80t_gen_3ideacentre_aio_3-27itl6_firmwarethinkstation_p340_workstationthinkcentre_m70s_firmwarethinkcentre_m90q_gen_2thinkcentre_m70t_gen_3thinkcentre_m90q_tiny_firmwarethinkcentre_neo_30a_27_gen_3_firmwarethinkcentre_m70a_gen_3ideacentre_g5-14imb05_firmwarethinkstation_p330_workstationthinkcentre_m70qideacentre_5_14iab7_firmwareideacentre_aio_3-24alc6thinkstation_p340_workstation_firmwarev55t_gen_2_13acnloq_17irb8_firmwarethinkcentre_m90q_gen_3ideacentre_5_14irb8_firmwarethinkcentre_neo_30a_27_gen_3thinkcentre_m90t_gen_3_firmwarethinkcentre_m630ethinkcentre_m625qideacentre_aio_3-24imb05_firmwareyoga_aio_7_27arh7_firmwarethinkstation_p520_workstation_firmwareyoga_aio_7-27arh6v50t-13imbthinkstation_p360_workstationthinkcentre_m70a_gen_3_firmwarethinkcentre_m90a_pro_gen_3_firmwareloq_17irb8thinkstation_p350_workstationideacentre_mini_5_01iaq7thinkstation_p520c_workstationthinkstation_p350_workstation_firmwareideacentre_5-14iob6v30a-22itlthinkstation_p330_workstation_2nd_genv50a-24imb_firmwareideacentre_gaming_5_17acn7_firmwarethinkcentre_m70c_firmwarev55t_gen_2_13acn_firmwarethinkcentre_m90tthinkstation_p330_workstation_2nd_gen_firmwarethinkcentre_neo_50a_24_gen_4_firmwarethinkcentre_neo_30a_22_gen_4ideacentre_5-14iob6_firmwarelegion_t7_34irz8_firmwareideacentre_aio_3-22itl6_firmwarethinkcentre_m70s_gen_3_firmwarethinkedge_se30_firmwarethinkcentre_m80q_gen_3_firmwarethinkcentre_m920z_all-in-one_firmwarethinkcentre_neo_30a_27_gen_4legion_t5_26irb8v50a-22imbthinkstation_p350_tiny_workstationv50a-24imbthinkcentre_neo_30a_24_gen_3thinkcentre_m90sthinkstation_p358_workstation_firmwarethinkcentre_m70q_gen_2_firmwarev50s-07imbideacentre_creator_5-14iob6thinkcentre_m90a_gen_3thinkcentre_m75s_gen_2ideacentre_5-14acn6_firmwareideacentre_aio_3-24imb05ideacentre_gaming_5-14acn6thinkcentre_m80tthinkcentre_m70tideacentre_5-14imb05thinkcentre_m90a_gen_2_firmwarethinkcentre_m90a_pro_gen_3thinkcentre_m90a_firmwarethinkcentre_m625q_firmwareyoga_aio_7_27arh7ideacentre_aio_5_24iah7ideacentre_aio_3_21itl7ideacentre_aio_5_27iah7_firmwareideacentre_aio_3-27imb05thinkstation_p348_workstation_firmwareideacentre_aio_3-24itl6_firmwarethinkstation_p920_workstationideacentre_aio_3_22iap7_firmwarethinkstation_p330_workstation_firmwarethinkcentre_m75t_gen_2_firmwarethinkstation_p360_ultra_workstationideacentre_aio_3-22iil5yoga_aio_7-27arh6_firmwareideacentre_aio_5_24iah7_firmwarethinkcentre_neo_70t_gen_3_firmwarethinkcentre_m90a_gen_3_firmwareideacentre_aio_3_24iap7_firmwareideacentre_aio_3-24iil5ideacentre_gaming_5-14iob6thinkcentre_m90q_tinythinkcentre_neo_50t_gen_3thinkcentre_m70t_firmwarelegion_t7-34imz5_firmwareideacentre_mini_5_01iaq7_firmwareideacentre_g5-14imb05thinkcentre_neo_30a_27_gen_4_firmwareideacentre_aio_3-24iil5_firmwareideacentre_t540-15ama_gthinkcentre_neo_70t_gen_3ideacentre_aio_3-22itl6thinkstation_p358_workstationideacentre_aio_3_27iap7_firmwarethinkstation_p350_tiny_workstation_firmwarethinkstation_p360_ultra_workstation_firmwarethinkcentre_m90t_firmwarev30a-24imlthinkcentre_m80sthinkcentre_m70q_gen_2thinkcentre_m75s_gen_2_firmwarelegion_t7-34iaz7thinkcentre_m80q_firmwarelegion_t5_26iab7_firmwarelegion_t5_26iab7ideacentre_aio_3-27itl6thinkcentre_m90s_firmwarethinkcentre_m630e_firmwareideacentre_aio_3-22imb05v50t-13iob_firmwarethinkcentre_neo_30a_22_gen_3_firmwareideacentre_mini_5-01imh05thinkcentre_m80t_gen_3_firmwareideacentre_aio_3_22iap7ideacentre_gaming_5_17acn7ideacentre_aio_3_21itl7_firmwarethinkstation_p340_tiny_workstationthinkcentre_neo_30a_22_gen_3thinkcentre_m90s_gen_3thinkstation_p320_workstationthinkcentre_neo_50t_gen_3_firmwarethinkstation_p348_workstationideacentre_t540-15ama_g_firmwareideacentre_aio_3_27iap7ideacentre_g5-14amr05_firmwarethinkcentre_m75n_firmwarethinkcentre_m80qthinkedge_se30ideacentre_5_14iab7ideacentre_mini_5-01imh05_firmwarelegion_t7_34irz8thinkcentre_m75nthinkstation_p920_workstation_firmwarelegion_t7-34imz5v30a-24iml_firmwarethinkcentre_m70t_gen_3_firmwarethinkstation_p520_workstationv50t-13imh_firmwarethinkcentre_m920z_all-in-onethinkcentre_neo_30a_24_gen_3_firmwarethinkstation_p520c_workstation_firmwareideacentre_3-07ada05thinkcentre_m70cthinkcentre_neo_30a_24_gen_4v50t-13iobthinkstation_p360_tiny_workstation_firmwareideacentre_aio_3-22iil5_firmwarethinkstation_p720_workstationthinkcentre_m75q_gen_2thinkcentre_m90q_gen_3_firmwarethinkcentre_m90athinkcentre_neo_50a_24_gen_4thinkcentre_m80s_gen_3v30a-24itl_firmwareideacentre_aio_3-22imb05_firmwareideacentre_c5-14imb05thinkcentre_m90s_gen_3_firmwarethinkcentre_m70s_gen_3ideacentre_aio_3_24iap7thinkcentre_m90q_gen_2_firmwarethinkcentre_m80q_gen_3v30a-24itlv50a-22imb_firmwarethinkstation_p360_tiny_workstationthinkcentre_m70sthinkcentre_neo_50a_24_gen_3_firmwarev50s-07imb_firmwarev30a-22imlthinkcentre_neo_30a_24_gen_4_firmwareideacentre_aio_3-24itl6ideacentre_c5-14imb05_firmwareideacentre_aio_3-27imb05_firmwarethinkcentre_m80s_gen_3_firmwarelegion_t5_26irb8_firmwarev30a-22iml_firmwareideacentre_3-07ada05_firmwarev30a-22itl_firmwarethinkcentre_m75q_gen_2_firmwarethinkstation_p360_workstation_firmwarethinkstation_p340_tiny_workstation_firmwareideacentre_5-14imb05_firmwarev50t-13imb_firmwareideacentre_gaming_5_17iab7ideacentre_3-07imb05_firmwareideacentre_5_14irb8thinkstation_p720_workstation_firmwareideacentre_g5-14amr05ideacentre_aio_3-24alc6_firmwareideacentre_gaming_5-14iob6_firmwarethinkcentre_m80t_firmwarethinkstation_p320_workstation_firmwarethinkcentre_m90a_gen_2ideacentre_5-14acn6thinkcentre_neo_50a_24_gen_3thinkcentre_neo_30a_22_gen_4_firmwarethinkcentre_m80s_firmwareideacentre_aio_5_27iah7ideacentre_3-07imb05legion_t7-34iaz7_firmwareideacentre_gaming_5_17iab7_firmwareideacentre_gaming_5-14acn6_firmwarethinkcentre_m75t_gen_2ideacentre_creator_5-14iob6_firmwarethinkcentre_m90t_gen_3v50t-13imhDesktop BIOS
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-4432
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.93%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 17:32
Updated-08 Apr, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_x13s_firmwarethinkpad_x13sThinkPad X13s
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-43572
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 8.58%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 22:33
Updated-03 Sep, 2024 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkcentre_m70q_firmwarethinkcentre_m80t_gen_3ideacentre_aio_3-27itl6_firmwarethinkstation_p340_workstationthinkcentre_m70s_firmwarethinkcentre_m90q_gen_2thinkcentre_m70t_gen_3thinkcentre_m90q_tiny_firmwarethinkcentre_neo_30a_27_gen_3_firmwarethinkcentre_m70a_gen_3ideacentre_g5-14imb05_firmwarethinkstation_p330_workstationthinkcentre_m70qideacentre_5_14iab7_firmwareideacentre_aio_3-24alc6thinkstation_p340_workstation_firmwarev55t_gen_2_13acnloq_17irb8_firmwarethinkcentre_m90q_gen_3ideacentre_5_14irb8_firmwarethinkcentre_neo_30a_27_gen_3thinkcentre_m90t_gen_3_firmwarethinkcentre_m630ethinkcentre_m625qideacentre_aio_3-24imb05_firmwareyoga_aio_7_27arh7_firmwarethinkstation_p520_workstation_firmwareyoga_aio_7-27arh6v50t-13imbthinkstation_p360_workstationthinkcentre_m70a_gen_3_firmwarethinkcentre_m90a_pro_gen_3_firmwareloq_17irb8thinkstation_p350_workstationideacentre_mini_5_01iaq7thinkstation_p520c_workstationthinkstation_p350_workstation_firmwareideacentre_5-14iob6v30a-22itlthinkstation_p330_workstation_2nd_genv50a-24imb_firmwareideacentre_gaming_5_17acn7_firmwarethinkcentre_m70c_firmwarev55t_gen_2_13acn_firmwarethinkcentre_m90tthinkstation_p330_workstation_2nd_gen_firmwarethinkcentre_neo_50a_24_gen_4_firmwarethinkcentre_neo_30a_22_gen_4ideacentre_5-14iob6_firmwarelegion_t7_34irz8_firmwareideacentre_aio_3-22itl6_firmwarethinkcentre_m70s_gen_3_firmwarethinkedge_se30_firmwarethinkcentre_m80q_gen_3_firmwarethinkcentre_m920z_all-in-one_firmwarethinkcentre_neo_30a_27_gen_4legion_t5_26irb8v50a-22imbthinkstation_p350_tiny_workstationv50a-24imbthinkcentre_neo_30a_24_gen_3thinkcentre_m90sthinkstation_p358_workstation_firmwarethinkcentre_m70q_gen_2_firmwarev50s-07imbideacentre_creator_5-14iob6thinkcentre_m90a_gen_3thinkcentre_m75s_gen_2ideacentre_5-14acn6_firmwareideacentre_aio_3-24imb05ideacentre_gaming_5-14acn6thinkcentre_m80tthinkcentre_m70tideacentre_5-14imb05thinkcentre_m90a_gen_2_firmwarethinkcentre_m90a_pro_gen_3thinkcentre_m90a_firmwarethinkcentre_m625q_firmwareyoga_aio_7_27arh7ideacentre_aio_5_24iah7ideacentre_aio_3_21itl7ideacentre_aio_5_27iah7_firmwareideacentre_aio_3-27imb05thinkstation_p348_workstation_firmwareideacentre_aio_3-24itl6_firmwarethinkstation_p920_workstationideacentre_aio_3_22iap7_firmwarethinkstation_p330_workstation_firmwarethinkcentre_m75t_gen_2_firmwarethinkstation_p360_ultra_workstationideacentre_aio_3-22iil5yoga_aio_7-27arh6_firmwareideacentre_aio_5_24iah7_firmwarethinkcentre_neo_70t_gen_3_firmwarethinkcentre_m90a_gen_3_firmwareideacentre_aio_3_24iap7_firmwareideacentre_aio_3-24iil5ideacentre_gaming_5-14iob6thinkcentre_m90q_tinythinkcentre_neo_50t_gen_3thinkcentre_m70t_firmwarelegion_t7-34imz5_firmwareideacentre_mini_5_01iaq7_firmwareideacentre_g5-14imb05thinkcentre_neo_30a_27_gen_4_firmwareideacentre_aio_3-24iil5_firmwareideacentre_t540-15ama_gthinkcentre_neo_70t_gen_3ideacentre_aio_3-22itl6thinkstation_p358_workstationideacentre_aio_3_27iap7_firmwarethinkstation_p350_tiny_workstation_firmwarethinkstation_p360_ultra_workstation_firmwarethinkcentre_m90t_firmwarev30a-24imlthinkcentre_m80sthinkcentre_m70q_gen_2thinkcentre_m75s_gen_2_firmwarelegion_t7-34iaz7thinkcentre_m80q_firmwarelegion_t5_26iab7legion_t5_26iab7_firmwareideacentre_aio_3-27itl6thinkcentre_m90s_firmwarethinkcentre_m630e_firmwareideacentre_aio_3-22imb05v50t-13iob_firmwarethinkcentre_neo_30a_22_gen_3_firmwareideacentre_mini_5-01imh05thinkcentre_m80t_gen_3_firmwareideacentre_aio_3_22iap7ideacentre_gaming_5_17acn7ideacentre_aio_3_21itl7_firmwarethinkstation_p340_tiny_workstationthinkcentre_neo_30a_22_gen_3thinkcentre_m90s_gen_3thinkstation_p320_workstationthinkcentre_neo_50t_gen_3_firmwarethinkstation_p348_workstationideacentre_t540-15ama_g_firmwareideacentre_aio_3_27iap7ideacentre_g5-14amr05_firmwarethinkcentre_m75n_firmwarethinkcentre_m80qthinkedge_se30ideacentre_5_14iab7ideacentre_mini_5-01imh05_firmwarelegion_t7_34irz8thinkcentre_m75nthinkstation_p920_workstation_firmwarelegion_t7-34imz5v30a-24iml_firmwarethinkcentre_m70t_gen_3_firmwarethinkstation_p520_workstationv50t-13imh_firmwarethinkcentre_m920z_all-in-onethinkcentre_neo_30a_24_gen_3_firmwarethinkstation_p520c_workstation_firmwareideacentre_3-07ada05thinkcentre_m70cthinkcentre_neo_30a_24_gen_4v50t-13iobthinkstation_p360_tiny_workstation_firmwareideacentre_aio_3-22iil5_firmwarethinkstation_p720_workstationthinkcentre_m75q_gen_2thinkcentre_m90q_gen_3_firmwarethinkcentre_m90athinkcentre_neo_50a_24_gen_4thinkcentre_m80s_gen_3v30a-24itl_firmwareideacentre_aio_3-22imb05_firmwareideacentre_c5-14imb05thinkcentre_m90s_gen_3_firmwarethinkcentre_m70s_gen_3ideacentre_aio_3_24iap7thinkcentre_m90q_gen_2_firmwarethinkcentre_m80q_gen_3v30a-24itlv50a-22imb_firmwarethinkstation_p360_tiny_workstationthinkcentre_m70sthinkcentre_neo_50a_24_gen_3_firmwarev50s-07imb_firmwarev30a-22imlthinkcentre_neo_30a_24_gen_4_firmwareideacentre_aio_3-24itl6ideacentre_c5-14imb05_firmwareideacentre_aio_3-27imb05_firmwarethinkcentre_m80s_gen_3_firmwarelegion_t5_26irb8_firmwarev30a-22iml_firmwareideacentre_3-07ada05_firmwarev30a-22itl_firmwarethinkcentre_m75q_gen_2_firmwarethinkstation_p360_workstation_firmwarethinkstation_p340_tiny_workstation_firmwareideacentre_5-14imb05_firmwarev50t-13imb_firmwareideacentre_gaming_5_17iab7ideacentre_3-07imb05_firmwareideacentre_5_14irb8thinkstation_p720_workstation_firmwareideacentre_g5-14amr05ideacentre_aio_3-24alc6_firmwareideacentre_gaming_5-14iob6_firmwarethinkcentre_m80t_firmwarethinkstation_p320_workstation_firmwarethinkcentre_m90a_gen_2ideacentre_5-14acn6thinkcentre_neo_50a_24_gen_3thinkcentre_neo_30a_22_gen_4_firmwarethinkcentre_m80s_firmwareideacentre_aio_5_27iah7ideacentre_3-07imb05legion_t7-34iaz7_firmwareideacentre_gaming_5_17iab7_firmwareideacentre_gaming_5-14acn6_firmwarethinkcentre_m75t_gen_2ideacentre_creator_5-14iob6_firmwarethinkcentre_m90t_gen_3v50t-13imhDesktop BIOS
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-4435
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.42%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 17:33
Updated-10 Apr, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_x13s_firmwarethinkpad_x13sThinkPad X13s
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-4433
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.42%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 17:32
Updated-10 Apr, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_x13s_firmwarethinkpad_x13sThinkPad X13s
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-40135
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 12.21%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 21:20
Updated-27 Mar, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkcentre_m70q_firmwarev330-20icbthinkcentre_e75_t\/sthinkcentre_m720eideacentre_a340-24igmthinksmart_core_device\thinkstation_p350_tiny_firmwarethinkcentre_m70t_gen_3thinkcentre_m90q_gen_2thinkcentre_e96zthinkcentre_m818z_firmwarethinkcentre_m720qideacentre_5_14iab7_firmwarev55t_gen_2_13acnthinkstation_p520yta8900fthinkcentre_m710ev50t-13imbthinkstation_p310ideacentre_5-14are05v530-22icbv330-20icb_firmwareideacentre_510-15ick_firmwareideacentre_gaming_5_17acn7_firmwarethinkcentre_m70c_firmwarev530s-07icb_firmwarev55t_gen_2_13acn_firmwarethinkstation_p340ideacentre_5-14iob6_firmwarethinkcentre_m715t_firmwarethinkcentre_m920tthinkcentre_m710tideacentre_510a-15ickthinkstation_p620thinkstation_p318_firmwarethinkstation_p350thinkcentre_m720tlegion_c530-19icb_firmwarelegion_t530-28icbthinksmart_core_\&_controller_full_room_kit\ideacentre_5-14are05_firmwareqt_m415_firmwareideacentre_510s-07icb_firmwarethinkcentre_m75s-1stadia_ggp-120thinkcentre_m70q_gen_2_firmwarev50s-07imbthinkcentre_m75s_gen_2thinkstation_p340_firmwareideacentre_5-14acn6_firmwareideacentre_gaming_5-14acn6thinkcentre_m625q_firmwarethinkstation_p520c_firmwareqt_b415_firmwarethinkcentre_m75t_gen_2_firmwarethinkcentre_m910x_firmwarethinkcentre_m910s_firmwarethinkcentre_m75q-1yangtian_afq150_firmwarev50t-13iob_g2ideacentre_gaming_5-14iob6v520sthinkcentre_neo_50t_gen_3ideacentre_g5-14imb05thinkcentre_m70a_gen_2_firmwareideacentre_t540-15ama_gthinksmart_core_\&_controller_kit\thinkcentre_m910q_firmwarethinkstation_p350_tinythinkcentre_m720s_firmwarelegion_t530-28aprthinkcentre_m70q_gen_2thinkcentre_m75s_gen_2_firmwareqt_m410_firmwarethinkcentre_m920q_firmwarethinkcentre_m920sideacentre_a340-24igm_firmwareideacentre_510s-07icbthinksystem_st58_firmwarethinkcentre_m710q_firmwarethinkcentre_m818zqt_m415v520thinkstation_p318ideacentre_t540-15ama_g_firmwarethinksmart_core_device_for_polyideacentre_g5-14amr05_firmwarethinkcentre_m75n_firmwarethinkcentre_m910qthinkcentre_m6600t_firmwarethinkcentre_m720sideacentre_720-18apr_firmwarethinkcentre_m715q_firmwarethinksmart_hub_teamsthinkcentre_m920t_firmwarethinkcentre_m810zthinksmart_core_device_for_logitechthinkcentre_m75nthinksmart_hub_zoomthinkcentre_m810z_firmwarelegion_t5-26iob6_firmwarethinkcentre_m710qthinkcentre_m60e_tinythinkcentre_m70t_gen_3_firmwareideacentre_3-07ada05thinkcentre_m710e_firmwarev530-15icbthinkcentre_m6600sstadia_ggp-120_firmwarethinkcentre_m60e_tiny_firmwarethinkcentre_m70q_gen_3_firmwarethinkcentre_m75s-1_firmwarelegion_t5-28icb05_firmwarev35s-07ada_firmwarethinksmart_core_device_for_poly_firmwarev520_firmwareideacentre_720-18aprlegion_t5-28icb05thinkcentre_m70av530s-07icr_firmwareideacentre_510-15ickthinkcentre_m6600qideacentre_3-07ada05_firmwarev55t-15areyoga_a940-27icb_firmwarev530s-07icrthinkcentre_m75q-1_firmwarev50t-13imb_firmwareideacentre_gaming_5_17iab7thinkcentre_m820zideacentre_3-07imb05_firmwarev50t-13iob_g2_firmwareqitian_a815_firmwarethinkcentre_m70q_gen_3ideacentre_t540-15ick_firmwareideacentre_g5-14amr05yta8900f_firmwareideacentre_gaming_5-14iob6_firmwarethinkcentre_m910tv540-24iwlthinkcentre_m920x_firmwarev530-15arr_firmwarethinkcentre_m920qthinksmart_hub_teams_firmwarethinkcentre_m720t_firmwarethinkstation_p320_tinythinkcentre_e75_t\/s_firmwarethinkcentre_m90q_tiny_firmwareideacentre_3_07iab7_firmwareideacentre_g5-14imb05_firmwarethinkcentre_neo_50s_gen_3thinkcentre_m6600tthinkcentre_m70qthinkstation_p330_tiny_firmwarev35s-07adathinkcentre_m630eideacentre_510a-15arrthinkcentre_m625qthinkcentre_m90a_gen2v530-15arrthinkstation_p310_firmwarethinkcentre_neo_50s_gen_3_firmwarethinkcentre_e96z_firmwareideacentre_5-14iob6v50a-24imb_firmwarev530-15icb_firmwareideacentre_510s-07ick_firmwarelegion_t530-28icb_firmwarethinkcentre_m715qideacentre_510a-15arr_firmwarethinkcentre_m70s_gen_3_firmwarethinkcentre_m70a_firmwarethinkedge_se30_firmwarev530-15icrv530s-07icbv50a-22imbyangtian_afq150v50a-24imbv530-22icb_firmwarethinkstation_p330_tinyideacentre_creator_5-14iob6legion_t530-28apr_firmwarethinkcentre_m70a_gen_2ideacentre_5-14imb05legion_c530-19icbthinksystem_st50thinkcentre_m90a_firmwarethinkcentre_m920s_firmwareideacentre_510s-07ickthinkcentre_m710s_firmwarethinkcentre_m610v55t-15are_firmwarelegion_t5-26iob6thinkcentre_m90q_tinylegion_t7-34imz5_firmwarethinkcentre_m920xv530-15icr_firmwarethinkstation_p620_firmwarev55t-15api_firmwareqt_m410ideacentre_a340-22igmthinkstation_p340_tinyv30a-24imlthinkstation_p520_firmwarethinksmart_core_device_for_logitech_firmwarethinkcentre_m910xthinkcentre_m80q_firmwarethinkcentre_m6600s_firmwarethinkcentre_m630e_firmwarethinkcentre_m910sv530-24icb_firmwareideacentre_gaming_5_17acn7ideacentre_3_07iab7thinkstation_p348thinkcentre_neo_50t_gen_3_firmwarethinkcentre_m6600q_firmwarethinkcentre_m710t_firmwareideacentre_t540-15ickqitian_a815thinkcentre_m720e_firmwarethinkcentre_m80qthinkedge_se30ideacentre_5_14iab7thinkcentre_m725sqt_b415legion_t7-34imz5v30a-24iml_firmwarethinkcentre_m725s_firmwarethinkcentre_m70cthinksystem_st50_firmwarev520s_firmwarethinkcentre_m75q_gen_2thinkcentre_m90athinkstation_p350_firmwarethinkstation_p320_tiny_firmwarethinksystem_st58ideacentre_c5-14imb05thinkcentre_m70s_gen_3v50a-22imb_firmwarethinkcentre_m90q_gen_2_firmwarev50s-07imb_firmwarev530-24icbv30a-22imlthinkstation_p340_tiny_firmwarethinkcentre_m90a_gen2_firmwareideacentre_c5-14imb05_firmwareyoga_a940-27icbthinkcentre_m610_firmwarev30a-22iml_firmwarethinkcentre_m820z_firmwarethinksmart_hub_zoom_firmwarev540-24iwl_firmwarethinkcentre_m75q_gen_2_firmwarev55t-15apiideacentre_5-14imb05_firmwarethinkcentre_m715tthinkstation_p348_firmwareideacentre_510a-15ick_firmwarethinkcentre_m910t_firmwarethinkcentre_m710sideacentre_a340-22igm_firmwareideacentre_5-14acn6ideacentre_3-07imb05ideacentre_gaming_5_17iab7_firmwareideacentre_gaming_5-14acn6_firmwarethinkcentre_m75t_gen_2ideacentre_creator_5-14iob6_firmwarethinkcentre_m720q_firmwarethinkstation_p520cBIOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-40134
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 12.21%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 21:20
Updated-27 Mar, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_t14sv330-20icbthinksystem_sr530_firmwarethinkagile_hx5530thinkpad_e490thinkstation_p350_tiny_firmwarethinkcentre_m90q_gen_2v55t_gen_2_13acnthinkpad_p53yta8900fthinkpad_x1_yoga_5th_genthinkpad_p72_firmwarethinkpad_r14_gen_2thinkagile_vx3320_firmwarethinkagile_hx2330thinkagile_vx7820thinkpad_l590thinksystem_sn850thinkpad_p52thinkagile_vx3320ideacentre_5-14are05thinkcentre_m810z_all-in-onethinkagile_hx2320_firmwarethinksystem_hr630x_firmwarethinkagile_vx_2u4nthinkcentre_m70c_firmwarev530s-07icb_firmwarethinksystem_sr630_v2thinkagile_hx7820_firmwarev55t_gen_2_13acn_firmwarethinkpad_t14s_firmwarethinksystem_sn850_firmwarethinkstation_p340thinkagile_vx_4u_firmwareideacentre_5-14iob6_firmwarethinkstation_p318_firmwarethinkserver_ts560_firmwarethinkagile_vx2320_firmwarethinksystem_sr250_v2_firmwarelegion_t530-28icbthinkcentre_m90sthinkserver_rd450_firmwareideacentre_5-14are05_firmwareideacentre_510s-07icb_firmwarethinkserver_sr588_firmwarethinkpad_t15_firmwarethinksystem_sr670_v2_firmwarethinkcentre_m75s_gen_2thinksystem_sr670_v2thinkagile_mx3331-f_firmwarethinkagile_hx2320-e_firmwarethinkcentre_m625q_firmwarethinkagile_hx3331thinkagile_vx5520thinkserver_rd350g_firmwarethinkserver_sd350_firmwarethinkserver_ts150thinkpad_x1_carbon_8th_genthinkagile_hx2321_firmwarethinksystem_sr860_v2_firmwareqt_b415_firmwarethinkcentre_m910x_firmwarethinkcentre_m910s_firmwareyangtian_afq150_firmwareideacentre_g5-14imb05thinkcentre_m70a_gen_2_firmwarethinkagile_mx3530_f_firmwarethinksystem_st258_firmwarethinkagile_hx3376_firmwarethinkpad_p52_firmwarethinkagile_hx7821_firmwarethinkcentre_m90t_firmwarethinkagile_vx_2u4n_firmwarelegion_t530-28aprthinkcentre_m70q_gen_2thinkagile_hx2330_firmwarethinkagile_hx1321thinkagile_mx_certified_node_-_hybrid_firmwarethinksystem_sd650-n_v2_firmwarethinkstation_p318thinksystem_st558_firmwareideacentre_g5-14amr05_firmwarethinkcentre_m75n_firmwarethinkcentre_m6600t_firmwarethinkcentre_m8600s_firmwarethinkcentre_m715q_firmwarethinksmart_hub_teamsthinkagile_hx3520-gthinkpad_x1_extreme_1st_genthinkcentre_m75nthinksystem_sr860legion_t5-26iob6_firmwarethinkcentre_m710qthinkcentre_m60e_tinythinkcentre_m70t_gen_3_firmwarethinkcentre_m710e_firmwarev530-15icbthinkagile_hx5530_firmwarethinkcentre_e75sthinkserver_sd350legion_t5-28icb05_firmwarethinkpad_p15s_gen_2_firmwarethinksystem_sd650_v2thinkcentre_m70sthinksystem_sr650_v2thinkserver_rd350_firmwarev520_firmwarethinkpad_p1_gen_3_firmwarethinkagile_mx3321_h_firmwarelegion_t5-28icb05thinkagile_mx3530_fthinkagile_hx1520-rthinkcentre_m70athinksystem_sd630_v2thinkagile_vx_1se_firmwarethinkcentre_m6600qthinkagile_mx1021ideacentre_3-07ada05_firmwareyoga_a940-27icb_firmwarethinkagile_hx2331thinkagile_hx2320-ethinkagile_vx5530v50t-13iob_g2_firmwarethinkpad_t15_gen_2thinkserver_sr860p_firmwarethinkserver_rd550_firmwarethinkcentre_m70q_gen_3thinkagile_vx1320thinksystem_sr950_firmwarethinkcentre_m80t_firmwarethinkcentre_m90a_gen_2thinkpad_p53s_firmwarethinkagile_hx3376v540-24iwlthinkagile_vx3530-gthinksystem_sd650_dwc_dual_node_traythinkagile_mx3531-fthinkpad_l13_yoga_firmwarethinksystem_sr570_firmwarethinksystem_sr158thinkcentre_m90q_tiny_firmwareideacentre_g5-14imb05_firmwarethinkcentre_m6600tthinkpad_t590thinksystem_st250thinkpad_x1_carbon_9th_gen_firmwarethinksystem_sr850thinkpad_x1_carbon_8th_gen_firmwarethinkagile_hx7530_firmwarethinksmart_hub_500thinkagile_hx5520thinkagile_vx7530_firmwarethinkcentre_m630ethinkpad_r14_gen_2_firmwarev530-15arrthinkstation_p310_firmwarethinkserver_ts450thinkpad_x1_carbon_7th_gen_firmwarethinksystem_sr950thinkcentre_e96z_firmwarethinkpad_l390_yoga_firmwarethinkagile_vx7520_nthinksystem_sr860_firmwarethinksystem_sr650_v2_firmwarethinkagile_mx_certified_node_-_all_flash_firmwarethinkpad_t14_gen_2_firmwarethinkagile_hx3720thinkagile_mx3321_hthinksystem_sd530thinkcentre_m90tthinkcentre_m715qthinksystem_st650_v2thinksystem_sr258_v2thinkcentre_m70s_gen_3_firmwarethinkedge_se30_firmwarethinkagile_hx1021v530-15icrthinksystem_hr610xthinkagile_vx3330thinkagile_mx3330-h_firmwarethinkpad_x1_yoga_6th_gen_firmwarethinkagile_hx3331_firmwarethinkpad_p15s_gen_1_firmwarethinkpad_x1_extreme_2nd_genthinksystem_st250_firmwarev50a-24imbthinksystem_hr610x_firmwarethinkpad_x390_yoga_firmwarethinkpad_p15v_gen_1legion_t530-28apr_firmwarethinkpad_t590_firmwarethinkserver_ts550legion_c530-19icbthinkpad_l490_firmwarethinkcentre_m90a_firmwarethinkagile_hx1331thinkagile_hx2320thinkagile_hx7521thinksystem_sr550thinkcentre_m8600sthinkagile_vx3520-g_firmwarethinkserver_rd650thinkagile_mx3530-hthinkagile_vx_2u_firmwarethinkpad_x13_gen_2thinkserver_rs160thinksystem_st250_v2thinkagile_hx2321ideacentre_510s-07ickthinkagile_mx3330-f_firmwarethinkpad_l15_gen_2_firmwarethinksystem_dx8200d_firmwarethinkagile_hx1320thinkcentre_m710s_firmwarethinkagile_hx1321_firmwarethinkpad_l14_gen_2_firmwarethinkpad_e590thinkpad_t15p_gen_1_legion_t5-26iob6thinkagile_hx1320_firmwarethinksystem_sn550_v2thinkpad_s3_2nd_gen_firmwarethinkagile_hx3521-gthinkcentre_m90q_tinylegion_t7-34imz5_firmwarethinkcentre_m70t_firmwarethinkpad_t15v530-15icr_firmwarethinkpad_x1_extreme_3rd_genthinkserver_ts150_firmwarethinkstation_p620_firmwarethinksystem_st650_v2_firmwarethinkpad_p14s_gen_2_firmwareqt_m410thinkagile_vx2330ideacentre_a340-22igmthinkcentre_m820z_all-in-onethinkpad_p15s_gen_1thinksystem_st550thinkpad_t14s_gen_2thinksystem_hr650x_firmwarethinkserver_td350_firmwarethinksystem_st658_v2_firmwarev30a-24imlthinkserver_rd450thinkcentre_m80sthinksystem_sr250_v2thinkagile_mx3520_hthinkcentre_m630e_firmwarethinkagile_mx3530-h_firmwarethinksystem_st250_v2_firmwarev530-24icb_firmwareideacentre_gaming_5_17acn7thinkstation_p348thinksystem_sr650_firmwarethinkserver_rd650_firmwarethinkcentre_m710t_firmwarethinkpad_p43sqitian_a815thinkagile_hx7530thinksystem_sr530thinkcentre_m720e_firmwarethinkcentre_m80qthinkpad_l390_firmwarethinkpad_t14_gen_2thinkedge_se30thinkagile_mx3520_fn4610_storage_firmwareqt_b415thinkagile_hx7821thinkagile_hx5521_firmwarelegion_t7-34imz5v30a-24iml_firmwarethinkagile_hx1021_firmwarethinkcentre_m70cthinkpad_x13_gen_2_firmwarethinkagile_vx3331v520s_firmwarethinksystem_st258_v2thinkagile_vx7820_firmwarethinkagile_hx5520-c_firmwarethinkcentre_m75q_gen_2thinkcentre_m90athinkstation_p350_firmwarethinksystem_st58thinkpad_l390ideacentre_c5-14imb05thinkpad_t15_gen_2_firmwarethinkcentre_m70s_gen_3thinkagile_mx3331-hv50s-07imb_firmwarethinksystem_sn550_firmwarethinksystem_sr258_firmwaren4610_storagethinkcentre_m8600t_firmwarethinkpad_l14v30a-22iml_firmwarethinkagile_hx1521-rthinkserver_rd350gthinkagile_hx3320thinkserver_ts460thinkpad_p1_gen_1ideacentre_5-14imb05_firmwarethinkpad_t14_gen_1thinkagile_mx3331-fthinkagile_hx7531_firmwarethinksystem_sr670thinkpad_e14_firmwarethinksystem_sr590ideacentre_a340-22igm_firmwareideacentre_5-14acn6thinkagile_vx2330_firmwarethinkagile_vx3530-g_firmwareideacentre_3-07imb05ideacentre_gaming_5-14acn6_firmwarethinkcentre_m75t_gen_2ideacentre_creator_5-14iob6_firmwarethinkpad_p43s_firmwarethinkserver_sr860pthinkcentre_m70q_firmwarethinkpad_x13_yoga_gen_1thinkagile_mx3520_h_firmwarethinkpad_p17_gen_1thinkcentre_m720eideacentre_a340-24igmthinksystem_sr665_firmwarethinkserver_ts550_firmwarethinksystem_sd630_v2_firmwarethinkserver_rs260_firmwarethinkcentre_m70t_gen_3thinkagile_hx3521-g_firmwarethinkagile_mx3531_h_firmwarethinkcentre_e96zthinkcentre_m818z_firmwareideacentre_5_14iab7_firmwarethinkstation_p520thinksystem_sr158_firmwarethinkpad_x12_detachable_gen_1_firmwarethinkagile_vx_1u_firmwarethinkserver_sr590_firmwarethinkcentre_m710ev50t-13imbthinksystem_dn8836_firmwarethinkagile_vx5520_firmwarethinksystem_st550_firmwarethinkstation_p310v530-22icbthinkpad_x1_yoga_6th_genv330-20icb_firmwareideacentre_gaming_5_17acn7_firmwarethinkpad_e15_firmwarethinkagile_hx5520-cthinkpad_x390thinkstation_p620thinkcentre_m710tthinkstation_p350thinkpad_t15g_gen_1thinkserver_sr590legion_c530-19icb_firmwareqt_m415_firmwarethinkagile_mx3321_fthinkagile_hx3330_firmwarethinkpad_t490_firmwarethinkcentre_m70q_gen_2_firmwarestadia_ggp-120thinksystem_sd650-n_v2v50s-07imbthinkagile_hx3321_firmwarethinkstation_p340_firmwaren3310_storagethinkpad_l390_yogaideacentre_5-14acn6_firmwareideacentre_gaming_5-14acn6thinkcentre_m70tthinkcentre_m90a_gen_2_firmwarethinkpad_t15p_gen_1__firmwarethinkstation_p520c_firmwarethinkagile_mx3330-hthinkagile_vx7530thinkpad_x1_extreme_1st_gen_firmwarethinkpad_x13_firmwarethinksystem_se350_firmwarethinkserver_rs160_firmwarethinkagile_hx3721_firmwarethinksystem_dn8836thinksystem_sr850p_firmwarethinkcentre_m75t_gen_2_firmwarev50t-13iob_g2thinksystem_sr258_v2_firmwarethinkagile_hx3320_firmwarethinkpad_e490sideacentre_gaming_5-14iob6v520sthinkpad_x1_extreme_3rd_gen_firmwaren3310_storage_firmwarethinkpad_l13_yogathinkagile_mx3330-fthinksystem_sd650_dwc_dual_node_tray_firmwarethinksystem_st258_v2_firmwarethinkpad_x1_yoga_4th_genthinkpad_t15g_gen_1_firmwarethinkagile_vx7330_firmwarethinkagile_vx7531_firmwarethinksystem_sr850_firmwarethinkagile_vx3330_firmwarethinkcentre_m910q_firmwarethinkagile_hx7531thinkstation_p350_tinythinkagile_vx7531thinkpad_e15qt_m410_firmwarethinkcentre_m75s_gen_2_firmwarethinksystem_sr850_v2_firmwarethinksystem_st558ideacentre_a340-24igm_firmwareideacentre_510s-07icbthinksystem_st58_firmwarethinkagile_mx1021_firmwarethinkcentre_m710q_firmwarethinkpad_x390_yogathinkcentre_m818zthinkagile_hx7520thinkagile_hx3330qt_m415thinkcentre_m8600tv520thinkagile_mx3331-h_firmwarethinkagile_hx1331_firmwarethinkpad_p14s_gen_1thinkagile_hx3321thinkcentre_m910qthinksystem_sr250thinksystem_sr850_v2thinksystem_se350thinkagile_mx1020_firmwarethinkpad_p1_gen_3thinkpad_l14_gen_2thinksmart_hub_zoomthinkpad_x1_titanium_firmwarethinkagile_hx3720_firmwarethinkpad_t14s_gen_2_firmwareideacentre_3-07ada05thinkcentre_m6600sstadia_ggp-120_firmwarethinkcentre_m60e_tiny_firmwarethinkcentre_m70q_gen_3_firmwarethinkagile_vx_2uv35s-07ada_firmwarethinkcentre_m700qthinkpad_x12_detachable_gen_1thinkagile_mx_certified_node_-_all_flashthinkagile_hx5521-cthinkagile_vx_1uthinkpad_l490thinkagile_vx3720_firmwarethinkagile_hx1520-r_firmwarev530s-07icr_firmwarethinkagile_hx5531thinksystem_sr630_firmwarethinkpad_l590_firmwarethinksystem_sr550_firmwarethinkpad_e15_gen_2_firmwarev530s-07icrthinkpad_e15_gen_2thinkcentre_e75tthinkpad_l15v50t-13imb_firmwareideacentre_gaming_5_17iab7ideacentre_3-07imb05_firmwareqitian_a815_firmwareideacentre_g5-14amr05yta8900f_firmwarethinkpad_x1_titaniumthinksystem_sr645ideacentre_gaming_5-14iob6_firmwarethinkpad_x1_nano_gen_1_firmwarethinkcentre_m80s_firmwarethinkcentre_m910tthinkpad_p14s_gen_2thinksystem_sr630_v2_firmwarethinkpad_p15v_gen_1_firmwarethinkserver_ts250thinkcentre_e75t_firmwarethinkpad_p15_gen_1thinkagile_vx5530_firmwarethinksystem_sr258thinkagile_hx5521thinkagile_mx3531-f_firmwarev530-15arr_firmwarethinksmart_hub_teams_firmwarethinkcentre_m820z_all-in-one_firmwarethinksystem_sr645_firmwarethinksystem_sn550thinkagile_hx3375_firmwarethinkagile_hx3721thinkpad_e590_firmwarethinkcentre_m70s_firmwarethinkstation_p320_tinythinkagile_hx3520-g_firmwareideacentre_3_07iab7_firmwarethinkcentre_neo_50s_gen_3thinkpad_t490thinkcentre_m70qthinkpad_p73_firmwarethinkagile_mx_certified_node_-_hybridv35s-07adathinkagile_vx1320_firmwarethinkpad_x1_carbon_9th_genthinkcentre_m625qthinkpad_x1_carbon_7th_genthinksystem_sr630thinkcentre_neo_50s_gen_3_firmwarethinkagile_vx7320_nthinkpad_x390_firmwarethinksystem_st658_v2thinkagile_hx1521-r_firmwarethinkagile_hx7820thinkagile_vx2320ideacentre_5-14iob6thinkagile_hx7520_firmwarev50a-24imb_firmwarev530-15icb_firmwareideacentre_510s-07ick_firmwarelegion_t530-28icb_firmwarethinksystem_sr860_v2thinkpad_x13thinkpad_e14_gen_2thinkagile_hx7521_firmwarethinkcentre_m70a_firmwarethinkcentre_m700q_firmwarethinkagile_hx3375thinksystem_hr650xv530s-07icbthinkagile_hx2720-e_firmwarethinksystem_dx1100uv50a-22imbyangtian_afq150thinkpad_x13_yoga_gen_1_firmwarev530-22icb_firmwarethinkpad_l15_gen_2thinksmart_hub_500_firmwarethinksystem_sr570thinkcentre_m810z_all-in-one_firmwarethinkagile_vx7520ideacentre_creator_5-14iob6thinkcentre_m70a_gen_2thinkagile_vx_4uideacentre_5-14imb05thinkcentre_m80tthinksystem_st50thinkpad_p1_gen_2_firmwarethinkpad_l13_firmwarethinksystem_st258thinkcentre_m610thinksystem_sr850pthinkserver_td350thinkpad_x1_nano_gen_1thinkagile_hx2331_firmwarethinkpad_p15_gen_1_firmwarethinkstation_p340_tinythinkagile_vx3520-gthinkstation_p520_firmwarethinksystem_sr670_firmwarethinkcentre_m910xthinksystem_sr150thinkcentre_m80q_firmwarethinkagile_vx3720thinksystem_dx1100u_firmwarethinkcentre_m6600s_firmwarethinkcentre_m90s_firmwarethinkpad_p53sthinksystem_sd650_v2_firmwarethinkpad_x13_yoga_gen_2thinkcentre_m910sthinkpad_e14ideacentre_3_07iab7thinkagile_hx2720-ethinkcentre_m6600q_firmwarethinksystem_sn550_v2_firmwarethinkpad_x1_yoga_4th_gen_firmwarethinkserver_sr588thinkpad_l14_firmwarethinkpad_t490s_firmwarethinkagile_hx5520_firmwarethinkpad_p14s_gen_1_firmwareideacentre_5_14iab7thinkagile_mx1020thinkserver_ts250_firmwarethinksystem_sr665thinksystem_sr150_firmwarethinkagile_vx7320_n_firmwarethinkpad_e490s_firmwarethinkpad_p1_gen_2thinkpad_x13_yoga_gen_2_firmwarethinkserver_rs260thinksystem_st50_firmwarethinkpad_e490_firmwarethinkagile_mx3321_f_firmwarethinksystem_dx8200dthinksystem_hr630xthinkagile_mx3520_f_firmwarethinkpad_e14_gen_2_firmwarethinksystem_sd530_firmwarethinkpad_p17_gen_1_firmwarethinkagile_vx_1sethinkstation_p320_tiny_firmwarethinkpad_p53_firmwarev50a-22imb_firmwarethinkcentre_m90q_gen_2_firmwarethinkagile_hx5521-c_firmwarethinkagile_vx7330thinkpad_l15_firmwarev530-24icbv30a-22imlthinkserver_rd350thinkstation_p340_tiny_firmwarethinksystem_sr250_firmwarethinkcentre_e75s_firmwareideacentre_c5-14imb05_firmwareyoga_a940-27icbthinkcentre_m610_firmwarethinkserver_ts450_firmwarethinksmart_hub_zoom_firmwarethinkpad_l13thinkpad_t490sv540-24iwl_firmwarethinkagile_vx7520_n_firmwarethinkpad_p73thinkcentre_m75q_gen_2_firmwarethinkpad_x1_extreme_2nd_gen_firmwarethinkstation_p348_firmwarethinkpad_p72thinkcentre_m910t_firmwarethinkpad_s3_2nd_genthinkcentre_m710sthinkpad_t14_gen_1_firmwarethinkagile_vx3331_firmwarethinkagile_vx7520_firmwarethinkpad_p1_gen_1_firmwarethinkserver_ts460_firmwarethinkpad_x1_yoga_5th_gen_firmwarethinkpad_p15s_gen_2ideacentre_gaming_5_17iab7_firmwarethinkserver_ts560thinkagile_hx5531_firmwarethinkagile_mx3531_hthinksystem_sr650thinksystem_sr590_firmwarethinkstation_p520cthinkserver_rd550BIOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-43568
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.07% / 20.61%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 22:05
Updated-03 Sep, 2024 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkcentre_m70q_firmwarethinkcentre_m80t_gen_3ideacentre_aio_3-27itl6_firmwarethinkstation_p340_workstationthinkcentre_m70s_firmwarethinkcentre_m90q_gen_2thinkcentre_m70t_gen_3thinkcentre_m90q_tiny_firmwarethinkcentre_neo_30a_27_gen_3_firmwarethinkcentre_m70a_gen_3ideacentre_g5-14imb05_firmwarethinkstation_p330_workstationthinkcentre_m70qideacentre_5_14iab7_firmwareideacentre_aio_3-24alc6thinkstation_p340_workstation_firmwarev55t_gen_2_13acnloq_17irb8_firmwarethinkcentre_m90q_gen_3ideacentre_5_14irb8_firmwarethinkcentre_neo_30a_27_gen_3thinkcentre_m90t_gen_3_firmwarethinkcentre_m630ethinkcentre_m625qideacentre_aio_3-24imb05_firmwareyoga_aio_7_27arh7_firmwarethinkstation_p520_workstation_firmwareyoga_aio_7-27arh6v50t-13imbthinkstation_p360_workstationthinkcentre_m70a_gen_3_firmwarethinkcentre_m90a_pro_gen_3_firmwareloq_17irb8thinkstation_p350_workstationideacentre_mini_5_01iaq7thinkstation_p520c_workstationthinkstation_p350_workstation_firmwareideacentre_5-14iob6v30a-22itlthinkstation_p330_workstation_2nd_genv50a-24imb_firmwareideacentre_gaming_5_17acn7_firmwarethinkcentre_m70c_firmwarev55t_gen_2_13acn_firmwarethinkcentre_m90tthinkstation_p330_workstation_2nd_gen_firmwarethinkcentre_neo_50a_24_gen_4_firmwarethinkcentre_neo_30a_22_gen_4ideacentre_5-14iob6_firmwarelegion_t7_34irz8_firmwareideacentre_aio_3-22itl6_firmwarethinkcentre_m70s_gen_3_firmwarethinkedge_se30_firmwarethinkcentre_m80q_gen_3_firmwarethinkcentre_m920z_all-in-one_firmwarethinkcentre_neo_30a_27_gen_4legion_t5_26irb8v50a-22imbthinkstation_p350_tiny_workstationv50a-24imbthinkcentre_neo_30a_24_gen_3thinkcentre_m90sthinkstation_p358_workstation_firmwarethinkcentre_m70q_gen_2_firmwarev50s-07imbideacentre_creator_5-14iob6thinkcentre_m90a_gen_3thinkcentre_m75s_gen_2ideacentre_5-14acn6_firmwareideacentre_aio_3-24imb05ideacentre_gaming_5-14acn6thinkcentre_m80tthinkcentre_m70tideacentre_5-14imb05thinkcentre_m90a_gen_2_firmwarethinkcentre_m90a_pro_gen_3thinkcentre_m90a_firmwarethinkcentre_m625q_firmwareyoga_aio_7_27arh7ideacentre_aio_5_24iah7ideacentre_aio_3_21itl7ideacentre_aio_5_27iah7_firmwareideacentre_aio_3-27imb05thinkstation_p348_workstation_firmwareideacentre_aio_3-24itl6_firmwarethinkstation_p920_workstationideacentre_aio_3_22iap7_firmwarethinkstation_p330_workstation_firmwarethinkcentre_m75t_gen_2_firmwarethinkstation_p360_ultra_workstationideacentre_aio_3-22iil5yoga_aio_7-27arh6_firmwareideacentre_aio_5_24iah7_firmwarethinkcentre_neo_70t_gen_3_firmwarethinkcentre_m90a_gen_3_firmwareideacentre_aio_3_24iap7_firmwareideacentre_aio_3-24iil5ideacentre_gaming_5-14iob6thinkcentre_m90q_tinythinkcentre_neo_50t_gen_3thinkcentre_m70t_firmwarelegion_t7-34imz5_firmwareideacentre_mini_5_01iaq7_firmwareideacentre_g5-14imb05thinkcentre_neo_30a_27_gen_4_firmwareideacentre_aio_3-24iil5_firmwareideacentre_t540-15ama_gthinkcentre_neo_70t_gen_3ideacentre_aio_3-22itl6thinkstation_p358_workstationideacentre_aio_3_27iap7_firmwarethinkstation_p350_tiny_workstation_firmwarethinkstation_p360_ultra_workstation_firmwarethinkcentre_m90t_firmwarev30a-24imlthinkcentre_m80sthinkcentre_m70q_gen_2thinkcentre_m75s_gen_2_firmwarelegion_t7-34iaz7thinkcentre_m80q_firmwarelegion_t5_26iab7_firmwarelegion_t5_26iab7ideacentre_aio_3-27itl6thinkcentre_m90s_firmwarethinkcentre_m630e_firmwareideacentre_aio_3-22imb05v50t-13iob_firmwarethinkcentre_neo_30a_22_gen_3_firmwareideacentre_mini_5-01imh05thinkcentre_m80t_gen_3_firmwareideacentre_aio_3_22iap7ideacentre_gaming_5_17acn7ideacentre_aio_3_21itl7_firmwarethinkstation_p340_tiny_workstationthinkcentre_neo_30a_22_gen_3thinkcentre_m90s_gen_3thinkstation_p320_workstationthinkcentre_neo_50t_gen_3_firmwarethinkstation_p348_workstationideacentre_t540-15ama_g_firmwareideacentre_aio_3_27iap7ideacentre_g5-14amr05_firmwarethinkcentre_m75n_firmwarethinkcentre_m80qthinkedge_se30ideacentre_5_14iab7ideacentre_mini_5-01imh05_firmwarelegion_t7_34irz8thinkcentre_m75nthinkstation_p920_workstation_firmwarelegion_t7-34imz5v30a-24iml_firmwarethinkcentre_m70t_gen_3_firmwarethinkstation_p520_workstationv50t-13imh_firmwarethinkcentre_m920z_all-in-onethinkcentre_neo_30a_24_gen_3_firmwarethinkstation_p520c_workstation_firmwareideacentre_3-07ada05thinkcentre_m70cthinkcentre_neo_30a_24_gen_4v50t-13iobthinkstation_p360_tiny_workstation_firmwareideacentre_aio_3-22iil5_firmwarethinkstation_p720_workstationthinkcentre_m75q_gen_2thinkcentre_m90q_gen_3_firmwarethinkcentre_m90athinkcentre_neo_50a_24_gen_4thinkcentre_m80s_gen_3v30a-24itl_firmwareideacentre_aio_3-22imb05_firmwareideacentre_c5-14imb05thinkcentre_m90s_gen_3_firmwarethinkcentre_m70s_gen_3ideacentre_aio_3_24iap7thinkcentre_m90q_gen_2_firmwarethinkcentre_m80q_gen_3v30a-24itlv50a-22imb_firmwarethinkstation_p360_tiny_workstationthinkcentre_m70sthinkcentre_neo_50a_24_gen_3_firmwarev50s-07imb_firmwarev30a-22imlthinkcentre_neo_30a_24_gen_4_firmwareideacentre_aio_3-24itl6ideacentre_c5-14imb05_firmwareideacentre_aio_3-27imb05_firmwarethinkcentre_m80s_gen_3_firmwarelegion_t5_26irb8_firmwarev30a-22iml_firmwareideacentre_3-07ada05_firmwarev30a-22itl_firmwarethinkcentre_m75q_gen_2_firmwarethinkstation_p360_workstation_firmwarethinkstation_p340_tiny_workstation_firmwareideacentre_5-14imb05_firmwarev50t-13imb_firmwareideacentre_gaming_5_17iab7ideacentre_3-07imb05_firmwareideacentre_5_14irb8thinkstation_p720_workstation_firmwareideacentre_g5-14amr05ideacentre_aio_3-24alc6_firmwareideacentre_gaming_5-14iob6_firmwarethinkcentre_m80t_firmwarethinkstation_p320_workstation_firmwarethinkcentre_m90a_gen_2ideacentre_5-14acn6thinkcentre_neo_50a_24_gen_3thinkcentre_neo_30a_22_gen_4_firmwarethinkcentre_m80s_firmwareideacentre_aio_5_27iah7ideacentre_3-07imb05legion_t7-34iaz7_firmwareideacentre_gaming_5_17iab7_firmwareideacentre_gaming_5-14acn6_firmwarethinkcentre_m75t_gen_2ideacentre_creator_5-14iob6_firmwarethinkcentre_m90t_gen_3v50t-13imhDesktop BIOS
CWE ID-CWE-126
Buffer Over-read
CVE-2022-3743
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 6.78%
||
7 Day CHG~0.00%
Published-23 Aug, 2023 | 19:42
Updated-01 Oct, 2024 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands.

Action-Not Available
Vendor-Lenovo Group Limited
Product-ideapad_1_15igl7legion_5-17imh05_firmwarev14_g2-itl_firmwareideapad_3-17itl6legion_5-15ith6hslim_7_prox_14iah7_firmwarelegion_5-15imh6ideapad_3_15iau7ideapad_1_15iau7slim_9-14itl05slim_7_pro-14ihu5yoga_slim_7_pro_14iah7ideapad_5-15itl05_firmwareideapad_3-17itl6_firmwareyoga_slim_7_pro-14ihu5_olegion_5-15ith6h_firmwareslim_7_carbon_13iap7v17_g3_iap_firmwarelegion_5_pro-16ith6legion_5-17ith6hv15_g3_iapyoga_slim_7_pro-14itl5ideapad_1_14igl7legion_5_15iah7h_firmwarelegion_5-17ith6_firmwareyoga_slim_9-14itl05_firmwareideapad_3-14igl05_firmwareideapad_3-14itl05_firmwarev14_g2_ijllegion_5p-15imh05h_firmwareideapad_3-14iml05_firmwarelegion_5-15imh6_firmwareideapad_1_14iau7yoga_slim_9_14iap7slim_7_pro-14ihu5_firmwarev15_g1-imllegion_5_pro_16iah7_firmwarev17-iilideapad_1-15ijl7slim_9_14iap7_firmwareyoga_slim_7_carbon_13iap7v17_g3_iapyoga_slim_7_pro_14iap7yoga_slim_7_prox_14iah7_firmwareideapad_3-17iml05ideapad_3-17iil05_firmwareideapad_1_14igl7_firmwareyoga_slim_7_pro-14itl5_firmwareideapad_3-15igl05yoga_slim_9_14iap7_firmwareideapad_3-15itl6v14_g3_iapideapad_1_14iau7_firmwarelegion_7-16ithg6_firmwareideapad_5_15ial7l3-15itl6_firmwareideapad_3-14iml05v15_g3_iap_firmwarelegion_5-17imh05h_firmwareyoga_slim_7_pro-14ihu5_o_firmwarelegion_5_pro_16iah7h_firmwarelegion_5_15iah7hv17_g2-itlideapad_3-15iml05legion_5-17imh05ideapad_3-15iil05_firmwarev15_g2_ijllegion_7_16iax7s14_g3_iap_firmwarelegion_5_15iah7_firmwarev15_g2-itl_firmwarev14_g1-imlyoga_7_14ial7_firmwarelegion_5_pro-16ith6hideapad_3_17iau7v15_g2_ijl_firmwareyoga_slim_7_carbon_13iap7_firmwareideapad_3_14iau7ideapad_3-14igl05legion_5-15imh05hv15-igl_firmwareideapad_3_17iau7_firmwarelegion_5-15imh05v14_g3_iap_firmwareslim_7_prox_14iah7ideapad_gaming_3-15imh05_firmwareslim_7_carbon_13iap7_firmwareideapad_3-15itl05ideapad_1_15igl7_firmwareyoga_7_16iap7legion_7-16ithg6ideapad_3-15iml05_firmwareideapad_3-15iil05ideapad_1_15iau7_firmwareideapad_3-17iml05_firmwarev14-igl_firmwarelegion_5p-15imh05hlegion_5-17ith6legion_5-17imh05hlegion_5p-15imh05ideapad_5-15itl05v15_g2-itllegion_5-17ith6h_firmwarelegion_5_pro-16ith6h_firmwarelegion_7_16iax7_firmwarelegion_5_pro_16iah7slim_7_14iap7yoga_7-15itl5ideapad_3-14itl6ideapad_gaming_3-15imh05s14_g2_itllegion_5p-15imh05_firmwareideapad_creator_5-15imh05yoga_slim_7_pro_14iap7_firmwarev15_g1-iml_firmwares14_g3_iapv15-iglyoga_7_14ial7ideapad_5-15iil05_firmwarelegion_5_15iah7yoga_7_16iap7_firmwarelegion_5-15ith6s540-13itlyoga_slim_7_prox_14iah7v17-iil_firmwareideapad_3_15iau7_firmwarev17_g2-itl_firmwareyoga_slim_9-14itl05ideapad_5_15ial7_firmwarelegion_5_pro_16iah7hideapad_3-15itl05_firmwareideapad_3-15igl05_firmwarethinkbook_15p_g2_ithyoga_7-14itl5yoga_7-14itl5_firmwareideapad_5-15iil05slim_9_14iap7v14_g1-iml_firmwareyoga_7-15itl5_firmwareslim_9-14itl05_firmwarev14-iglideapad_3-15itl6_firmwares540-13itl_firmwarev14_g2-itlideapad_3-14itl6_firmwareyoga_slim_7_pro-14ihu5ideapad_1-15ijl7_firmwarel3-15iml05_firmwarelegion_5-15ith6_firmwares14_g2_itl_firmwareyoga_9_14iap7legion_5-15imh05h_firmwarethinkbook_15p_g2_ith_firmwareyoga_9_14iap7_firmwareslim_7_14iap7_firmwareideapad_1-14ijl7_firmwareyoga_slim_7_pro_14iah7_firmwareideapad_3-14iil05ideapad_creator_5-15imh05_firmwareideapad_3_14iau7_firmwareideapad_3-17iil05v14_g2_ijl_firmwareideapad_3-14iil05_firmwareyoga_7_16iah7_firmwareideapad_3-14itl05ideapad_1-14ijl7l3-15itl6yoga_7_16iah7thinkbook_15p_imh_firmwareyoga_slim_7_pro-14ihu5_firmwarel3-15iml05thinkbook_15p_imhlegion_5_pro-16ith6_firmwarelegion_5-15imh05_firmwareNotebook
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-3745
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 7.06%
||
7 Day CHG~0.00%
Published-23 Aug, 2023 | 19:43
Updated-01 Oct, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI.

Action-Not Available
Vendor-Lenovo Group Limited
Product-ideapad_1_15igl7legion_5-17imh05_firmwarev14_g2-itl_firmwareideapad_3-17itl6legion_5-15ith6hslim_7_prox_14iah7_firmwarelegion_5-15imh6ideapad_3_15iau7ideapad_1_15iau7slim_9-14itl05slim_7_pro-14ihu5yoga_slim_7_pro_14iah7ideapad_5-15itl05_firmwareideapad_3-17itl6_firmwareyoga_slim_7_pro-14ihu5_olegion_5-15ith6h_firmwareslim_7_carbon_13iap7v17_g3_iap_firmwarelegion_5_pro-16ith6legion_5-17ith6hv15_g3_iapyoga_slim_7_pro-14itl5ideapad_1_14igl7legion_5_15iah7h_firmwarelegion_5-17ith6_firmwareyoga_slim_9-14itl05_firmwareideapad_3-14igl05_firmwareideapad_3-14itl05_firmwarev14_g2_ijllegion_5p-15imh05h_firmwareideapad_3-14iml05_firmwarelegion_5-15imh6_firmwareideapad_1_14iau7yoga_slim_9_14iap7slim_7_pro-14ihu5_firmwarev15_g1-imllegion_5_pro_16iah7_firmwarev17-iilideapad_1-15ijl7slim_9_14iap7_firmwareyoga_slim_7_carbon_13iap7v17_g3_iapyoga_slim_7_pro_14iap7yoga_slim_7_prox_14iah7_firmwareideapad_3-17iml05ideapad_3-17iil05_firmwareideapad_1_14igl7_firmwareyoga_slim_7_pro-14itl5_firmwareideapad_3-15igl05yoga_slim_9_14iap7_firmwareideapad_3-15itl6v14_g3_iapideapad_1_14iau7_firmwarelegion_7-16ithg6_firmwareideapad_5_15ial7l3-15itl6_firmwareideapad_3-14iml05v15_g3_iap_firmwarelegion_5-17imh05h_firmwareyoga_slim_7_pro-14ihu5_o_firmwarelegion_5_pro_16iah7h_firmwarelegion_5_15iah7hv17_g2-itlideapad_3-15iml05legion_5-17imh05ideapad_3-15iil05_firmwarev15_g2_ijllegion_7_16iax7s14_g3_iap_firmwarelegion_5_15iah7_firmwarev15_g2-itl_firmwarev14_g1-imlyoga_7_14ial7_firmwarelegion_5_pro-16ith6hideapad_3_17iau7v15_g2_ijl_firmwareyoga_slim_7_carbon_13iap7_firmwareideapad_3_14iau7ideapad_3-14igl05legion_5-15imh05hv15-igl_firmwareideapad_3_17iau7_firmwarelegion_5-15imh05v14_g3_iap_firmwareslim_7_prox_14iah7ideapad_gaming_3-15imh05_firmwareslim_7_carbon_13iap7_firmwareideapad_3-15itl05ideapad_1_15igl7_firmwareyoga_7_16iap7legion_7-16ithg6ideapad_3-15iml05_firmwareideapad_3-15iil05ideapad_1_15iau7_firmwareideapad_3-17iml05_firmwarev14-igl_firmwarelegion_5p-15imh05hlegion_5-17ith6legion_5-17imh05hlegion_5p-15imh05ideapad_5-15itl05v15_g2-itllegion_5-17ith6h_firmwarelegion_5_pro-16ith6h_firmwarelegion_7_16iax7_firmwarelegion_5_pro_16iah7slim_7_14iap7yoga_7-15itl5ideapad_3-14itl6ideapad_gaming_3-15imh05s14_g2_itllegion_5p-15imh05_firmwareideapad_creator_5-15imh05yoga_slim_7_pro_14iap7_firmwarev15_g1-iml_firmwares14_g3_iapv15-iglyoga_7_14ial7ideapad_5-15iil05_firmwarelegion_5_15iah7yoga_7_16iap7_firmwarelegion_5-15ith6s540-13itlyoga_slim_7_prox_14iah7v17-iil_firmwareideapad_3_15iau7_firmwarev17_g2-itl_firmwareyoga_slim_9-14itl05ideapad_5_15ial7_firmwarelegion_5_pro_16iah7hideapad_3-15itl05_firmwareideapad_3-15igl05_firmwarethinkbook_15p_g2_ithyoga_7-14itl5yoga_7-14itl5_firmwareideapad_5-15iil05slim_9_14iap7v14_g1-iml_firmwareyoga_7-15itl5_firmwareslim_9-14itl05_firmwarev14-iglideapad_3-15itl6_firmwares540-13itl_firmwarev14_g2-itlideapad_3-14itl6_firmwareyoga_slim_7_pro-14ihu5ideapad_1-15ijl7_firmwarel3-15iml05_firmwarelegion_5-15ith6_firmwares14_g2_itl_firmwareyoga_9_14iap7legion_5-15imh05h_firmwarethinkbook_15p_g2_ith_firmwareyoga_9_14iap7_firmwareslim_7_14iap7_firmwareideapad_1-14ijl7_firmwareyoga_slim_7_pro_14iah7_firmwareideapad_3-14iil05ideapad_creator_5-15imh05_firmwareideapad_3_14iau7_firmwareideapad_3-17iil05v14_g2_ijl_firmwareideapad_3-14iil05_firmwareyoga_7_16iah7_firmwareideapad_3-14itl05ideapad_1-14ijl7l3-15itl6yoga_7_16iah7thinkbook_15p_imh_firmwareyoga_slim_7_pro-14ihu5_firmwarel3-15iml05thinkbook_15p_imhlegion_5_pro-16ith6_firmwarelegion_5-15imh05_firmwareNotebook
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-8316
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.09% / 27.15%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 21:05
Updated-16 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-vantageVantage
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-45076
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.46%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 22:28
Updated-04 Sep, 2024 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

Action-Not Available
Vendor-Lenovo Group Limited
Product-v30a-24imlthinkcentre_m920qthinkcentre_m820z_all-in-one_firmwarethinkcentre_m70q_firmwarethinkcentre_m720s_firmwarethinkcentre_m80sthinkcentre_m75s_gen_2_firmwarethinkcentre_m720t_firmwarethinkcentre_m80q_firmwarethinkcentre_m920q_firmwarethinkstation_p340_workstationthinkcentre_m920sthinkcentre_m90s_firmwarethinkcentre_m630e_firmwarethinkcentre_m70s_firmwarethinkcentre_m90q_tiny_firmwareideacentre_mini_5-01imh05ideacentre_g5-14imb05_firmwarethinkstation_p330_workstationthinkcentre_m720qthinkcentre_m70qthinkstation_p340_workstation_firmwarev55t_gen_2_13acnthinkstation_p330_tiny_workstation_firmwarethinkstation_p340_tiny_workstationthinkstation_p320_workstationthinkcentre_m630ethinkstation_p520_workstation_firmwarethinkcentre_m625qthinkstation_p348_workstationthinkstation_p360_workstationv50t-13imbideacentre_g5-14amr05_firmwarethinkcentre_m75n_firmwarethinkcentre_m80qthinkstation_p350_workstationthinkcentre_m720sideacentre_mini_5_01iaq7thinkstation_p520c_workstationthinkedge_se30thinkstation_p350_workstation_firmwareideacentre_5-14iob6ideacentre_mini_5-01imh05_firmwarethinkstation_p330_workstation_2nd_genv50a-24imb_firmwarethinkcentre_m70c_firmwarethinkcentre_m920t_firmwarev55t_gen_2_13acn_firmwarethinkcentre_m90tthinkstation_p330_workstation_2nd_gen_firmwarethinkcentre_m75nthinkstation_p920_workstation_firmwareideacentre_5-14iob6_firmwarethinkcentre_m920tlegion_t7-34imz5v30a-24iml_firmwarethinkstation_p520_workstationthinkcentre_m70a_firmwarethinkedge_se30_firmwarev50t-13imh_firmwarethinkcentre_m720tthinkcentre_m920z_all-in-onethinkstation_p520c_workstation_firmwareideacentre_3-07ada05thinkcentre_m70cthinkcentre_m920z_all-in-one_firmwarev50a-22imbv50a-24imbthinkcentre_m90sthinkstation_p720_workstationthinkcentre_m75q_gen_2thinkcentre_m90av50s-07imbideacentre_c5-14imb05ideacentre_creator_5-14iob6thinkcentre_m75s_gen_2v50a-22imb_firmwarethinkcentre_m70sthinkcentre_m80tthinkcentre_m70tv50s-07imb_firmwarev30a-22imlthinkcentre_m625q_firmwarethinkcentre_m90a_firmwarethinkcentre_m920s_firmwarethinkcentre_m720q_firmwareideacentre_c5-14imb05_firmwarethinkcentre_m70av30a-22iml_firmwarethinkstation_p348_workstation_firmwarethinkstation_p920_workstationthinkstation_p330_workstation_firmwareideacentre_3-07ada05_firmwarethinkstation_p360_workstation_firmwarethinkcentre_m75t_gen_2_firmwarethinkcentre_m75q_gen_2_firmwarethinkstation_p340_tiny_workstation_firmwarev50t-13imb_firmwareideacentre_3-07imb05_firmwarev50t-13iob_g2_firmwarev50t-13iob_g2thinkstation_p720_workstation_firmwareideacentre_g5-14amr05ideacentre_gaming_5-14iob6_firmwarethinkcentre_m80t_firmwareideacentre_gaming_5-14iob6thinkcentre_m90q_tinylegion_t7-34imz5_firmwarethinkcentre_m70t_firmwareideacentre_g5-14imb05ideacentre_mini_5_01iaq7_firmwarethinkcentre_m920xthinkstation_p320_workstation_firmwarethinkcentre_m80s_firmwareideacentre_3-07imb05thinkcentre_m75t_gen_2ideacentre_creator_5-14iob6_firmwarethinkcentre_m820z_all-in-onev50t-13imhthinkcentre_m920x_firmwarethinkstation_p330_tiny_workstationthinkcentre_m90t_firmwareBIOSbios
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-45078
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.46%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 22:30
Updated-04 Sep, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

Action-Not Available
Vendor-Lenovo Group Limited
Product-v30a-24imlthinkcentre_m920qthinkcentre_m820z_all-in-one_firmwarethinkcentre_m70q_firmwarethinkcentre_m720s_firmwarethinkcentre_m80sthinkcentre_m75s_gen_2_firmwarethinkcentre_m720t_firmwarethinkcentre_m80q_firmwarethinkcentre_m920q_firmwarethinkstation_p340_workstationthinkcentre_m920sthinkcentre_m90s_firmwarethinkcentre_m630e_firmwarethinkcentre_m70s_firmwarethinkcentre_m90q_tiny_firmwareideacentre_mini_5-01imh05ideacentre_g5-14imb05_firmwarethinkstation_p330_workstationthinkcentre_m720qthinkcentre_m70qthinkstation_p340_workstation_firmwarev55t_gen_2_13acnthinkstation_p330_tiny_workstation_firmwarethinkstation_p340_tiny_workstationthinkstation_p320_workstationthinkcentre_m630ethinkstation_p520_workstation_firmwarethinkcentre_m625qthinkstation_p348_workstationthinkstation_p360_workstationv50t-13imbideacentre_g5-14amr05_firmwarethinkcentre_m75n_firmwarethinkcentre_m80qthinkstation_p350_workstationthinkcentre_m720sideacentre_mini_5_01iaq7thinkstation_p520c_workstationthinkedge_se30thinkstation_p350_workstation_firmwareideacentre_5-14iob6ideacentre_mini_5-01imh05_firmwarethinkstation_p330_workstation_2nd_genv50a-24imb_firmwarethinkcentre_m70c_firmwarethinkcentre_m920t_firmwarev55t_gen_2_13acn_firmwarethinkcentre_m90tthinkstation_p330_workstation_2nd_gen_firmwarethinkcentre_m75nthinkstation_p920_workstation_firmwareideacentre_5-14iob6_firmwarethinkcentre_m920tlegion_t7-34imz5v30a-24iml_firmwarethinkstation_p520_workstationthinkcentre_m70a_firmwarethinkedge_se30_firmwarev50t-13imh_firmwarethinkcentre_m720tthinkcentre_m920z_all-in-onethinkstation_p520c_workstation_firmwareideacentre_3-07ada05thinkcentre_m70cthinkcentre_m920z_all-in-one_firmwarev50a-22imbv50a-24imbthinkcentre_m90sthinkstation_p720_workstationthinkcentre_m75q_gen_2thinkcentre_m90av50s-07imbideacentre_c5-14imb05ideacentre_creator_5-14iob6thinkcentre_m75s_gen_2v50a-22imb_firmwarethinkcentre_m70sthinkcentre_m80tthinkcentre_m70tv50s-07imb_firmwarev30a-22imlthinkcentre_m625q_firmwarethinkcentre_m90a_firmwarethinkcentre_m920s_firmwarethinkcentre_m720q_firmwareideacentre_c5-14imb05_firmwarethinkcentre_m70av30a-22iml_firmwarethinkstation_p348_workstation_firmwarethinkstation_p920_workstationthinkstation_p330_workstation_firmwareideacentre_3-07ada05_firmwarethinkstation_p360_workstation_firmwarethinkcentre_m75t_gen_2_firmwarethinkcentre_m75q_gen_2_firmwarethinkstation_p340_tiny_workstation_firmwarev50t-13imb_firmwareideacentre_3-07imb05_firmwarev50t-13iob_g2_firmwarev50t-13iob_g2thinkstation_p720_workstation_firmwareideacentre_g5-14amr05ideacentre_gaming_5-14iob6_firmwarethinkcentre_m80t_firmwareideacentre_gaming_5-14iob6thinkcentre_m90q_tinylegion_t7-34imz5_firmwarethinkcentre_m70t_firmwareideacentre_g5-14imb05ideacentre_mini_5_01iaq7_firmwarethinkcentre_m920xthinkstation_p320_workstation_firmwarethinkcentre_m80s_firmwareideacentre_3-07imb05thinkcentre_m75t_gen_2ideacentre_creator_5-14iob6_firmwarethinkcentre_m820z_all-in-onev50t-13imhthinkcentre_m920x_firmwarethinkstation_p330_tiny_workstationthinkcentre_m90t_firmwareBIOSbios
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-45077
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.46%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 22:30
Updated-04 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

Action-Not Available
Vendor-Lenovo Group Limited
Product-v30a-24imlthinkcentre_m920qthinkcentre_m820z_all-in-one_firmwarethinkcentre_m70q_firmwarethinkcentre_m720s_firmwarethinkcentre_m80sthinkcentre_m75s_gen_2_firmwarethinkcentre_m720t_firmwarethinkcentre_m80q_firmwarethinkcentre_m920q_firmwarethinkstation_p340_workstationthinkcentre_m920sthinkcentre_m90s_firmwarethinkcentre_m630e_firmwarethinkcentre_m70s_firmwarethinkcentre_m90q_tiny_firmwareideacentre_mini_5-01imh05ideacentre_g5-14imb05_firmwarethinkstation_p330_workstationthinkcentre_m720qthinkcentre_m70qthinkstation_p340_workstation_firmwarev55t_gen_2_13acnthinkstation_p330_tiny_workstation_firmwarethinkstation_p340_tiny_workstationthinkstation_p320_workstationthinkcentre_m630ethinkstation_p520_workstation_firmwarethinkcentre_m625qthinkstation_p348_workstationthinkstation_p360_workstationv50t-13imbideacentre_g5-14amr05_firmwarethinkcentre_m75n_firmwarethinkcentre_m80qthinkstation_p350_workstationthinkcentre_m720sideacentre_mini_5_01iaq7thinkstation_p520c_workstationthinkedge_se30thinkstation_p350_workstation_firmwareideacentre_5-14iob6ideacentre_mini_5-01imh05_firmwarethinkstation_p330_workstation_2nd_genv50a-24imb_firmwarethinkcentre_m70c_firmwarethinkcentre_m920t_firmwarev55t_gen_2_13acn_firmwarethinkcentre_m90tthinkstation_p330_workstation_2nd_gen_firmwarethinkcentre_m75nthinkstation_p920_workstation_firmwareideacentre_5-14iob6_firmwarethinkcentre_m920tlegion_t7-34imz5v30a-24iml_firmwarethinkstation_p520_workstationthinkcentre_m70a_firmwarethinkedge_se30_firmwarev50t-13imh_firmwarethinkcentre_m720tthinkcentre_m920z_all-in-onethinkstation_p520c_workstation_firmwareideacentre_3-07ada05thinkcentre_m70cthinkcentre_m920z_all-in-one_firmwarev50a-22imbv50a-24imbthinkcentre_m90sthinkstation_p720_workstationthinkcentre_m75q_gen_2thinkcentre_m90av50s-07imbideacentre_c5-14imb05ideacentre_creator_5-14iob6thinkcentre_m75s_gen_2v50a-22imb_firmwarethinkcentre_m70sthinkcentre_m80tthinkcentre_m70tv50s-07imb_firmwarev30a-22imlthinkcentre_m625q_firmwarethinkcentre_m90a_firmwarethinkcentre_m920s_firmwarethinkcentre_m720q_firmwareideacentre_c5-14imb05_firmwarethinkcentre_m70av30a-22iml_firmwarethinkstation_p348_workstation_firmwarethinkstation_p920_workstationthinkstation_p330_workstation_firmwareideacentre_3-07ada05_firmwarethinkstation_p360_workstation_firmwarethinkcentre_m75t_gen_2_firmwarethinkcentre_m75q_gen_2_firmwarethinkstation_p340_tiny_workstation_firmwarev50t-13imb_firmwareideacentre_3-07imb05_firmwarev50t-13iob_g2_firmwarev50t-13iob_g2thinkstation_p720_workstation_firmwareideacentre_g5-14amr05ideacentre_gaming_5-14iob6_firmwarethinkcentre_m80t_firmwareideacentre_gaming_5-14iob6thinkcentre_m90q_tinylegion_t7-34imz5_firmwarethinkcentre_m70t_firmwareideacentre_g5-14imb05ideacentre_mini_5_01iaq7_firmwarethinkcentre_m920xthinkstation_p320_workstation_firmwarethinkcentre_m80s_firmwareideacentre_3-07imb05thinkcentre_m75t_gen_2ideacentre_creator_5-14iob6_firmwarethinkcentre_m820z_all-in-onev50t-13imhthinkcentre_m920x_firmwarethinkstation_p330_tiny_workstationthinkcentre_m90t_firmwareBIOSbios
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-8058
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.6||HIGH
EPSS-0.16% / 37.42%
||
7 Day CHG+0.01%
Published-16 Dec, 2024 | 17:04
Updated-16 Dec, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file in the FileZ directory to read arbitrary files on the device due to URL preloading.

Action-Not Available
Vendor-Lenovo Group Limited
Product-FileZ Client
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2023-25494
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.60%
||
7 Day CHG+0.01%
Published-05 Apr, 2024 | 20:46
Updated-02 Aug, 2024 | 11:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability were reported in the BIOS of some Desktop, Smart Edge, and ThinkStation products that could allow a local attacker with elevated privileges to write to NVRAM variables.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Desktop BIOS, Smart Edge BIOS, ThinkStation BIOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-45079
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.46%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 22:32
Updated-04 Sep, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

Action-Not Available
Vendor-Lenovo Group Limited
Product-v30a-24imlthinkcentre_m920qthinkcentre_m820z_all-in-one_firmwarethinkcentre_m70q_firmwarethinkcentre_m720s_firmwarethinkcentre_m80sthinkcentre_m75s_gen_2_firmwarethinkcentre_m720t_firmwarethinkcentre_m80q_firmwarethinkcentre_m920q_firmwarethinkstation_p340_workstationthinkcentre_m920sthinkcentre_m90s_firmwarethinkcentre_m630e_firmwarethinkcentre_m70s_firmwarethinkcentre_m90q_tiny_firmwareideacentre_mini_5-01imh05ideacentre_g5-14imb05_firmwarethinkstation_p330_workstationthinkcentre_m720qthinkcentre_m70qthinkstation_p340_workstation_firmwarev55t_gen_2_13acnthinkstation_p330_tiny_workstation_firmwarethinkstation_p340_tiny_workstationthinkstation_p320_workstationthinkcentre_m630ethinkstation_p520_workstation_firmwarethinkcentre_m625qthinkstation_p348_workstationthinkstation_p360_workstationv50t-13imbideacentre_g5-14amr05_firmwarethinkcentre_m75n_firmwarethinkcentre_m80qthinkstation_p350_workstationthinkcentre_m720sideacentre_mini_5_01iaq7thinkstation_p520c_workstationthinkedge_se30thinkstation_p350_workstation_firmwareideacentre_5-14iob6ideacentre_mini_5-01imh05_firmwarethinkstation_p330_workstation_2nd_genv50a-24imb_firmwarethinkcentre_m70c_firmwarethinkcentre_m920t_firmwarev55t_gen_2_13acn_firmwarethinkcentre_m90tthinkstation_p330_workstation_2nd_gen_firmwarethinkcentre_m75nthinkstation_p920_workstation_firmwareideacentre_5-14iob6_firmwarethinkcentre_m920tlegion_t7-34imz5v30a-24iml_firmwarethinkstation_p520_workstationthinkcentre_m70a_firmwarethinkedge_se30_firmwarev50t-13imh_firmwarethinkcentre_m720tthinkcentre_m920z_all-in-onethinkstation_p520c_workstation_firmwareideacentre_3-07ada05thinkcentre_m70cthinkcentre_m920z_all-in-one_firmwarev50a-22imbv50a-24imbthinkcentre_m90sthinkstation_p720_workstationthinkcentre_m75q_gen_2thinkcentre_m90av50s-07imbideacentre_c5-14imb05ideacentre_creator_5-14iob6thinkcentre_m75s_gen_2v50a-22imb_firmwarethinkcentre_m70sthinkcentre_m80tthinkcentre_m70tv50s-07imb_firmwarev30a-22imlthinkcentre_m625q_firmwarethinkcentre_m90a_firmwarethinkcentre_m920s_firmwarethinkcentre_m720q_firmwareideacentre_c5-14imb05_firmwarethinkcentre_m70av30a-22iml_firmwarethinkstation_p348_workstation_firmwarethinkstation_p920_workstationthinkstation_p330_workstation_firmwareideacentre_3-07ada05_firmwarethinkstation_p360_workstation_firmwarethinkcentre_m75t_gen_2_firmwarethinkcentre_m75q_gen_2_firmwarethinkstation_p340_tiny_workstation_firmwarev50t-13imb_firmwareideacentre_3-07imb05_firmwarev50t-13iob_g2_firmwarev50t-13iob_g2thinkstation_p720_workstation_firmwareideacentre_g5-14amr05ideacentre_gaming_5-14iob6_firmwarethinkcentre_m80t_firmwareideacentre_gaming_5-14iob6thinkcentre_m90q_tinylegion_t7-34imz5_firmwarethinkcentre_m70t_firmwareideacentre_g5-14imb05ideacentre_mini_5_01iaq7_firmwarethinkcentre_m920xthinkstation_p320_workstation_firmwarethinkcentre_m80s_firmwareideacentre_3-07imb05thinkcentre_m75t_gen_2ideacentre_creator_5-14iob6_firmwarethinkcentre_m820z_all-in-onev50t-13imhthinkcentre_m920x_firmwarethinkstation_p330_tiny_workstationthinkcentre_m90t_firmwareBIOSbios
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-45075
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.46%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 22:27
Updated-04 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

Action-Not Available
Vendor-Lenovo Group Limited
Product-v30a-24imlthinkcentre_m920qthinkcentre_m820z_all-in-one_firmwarethinkcentre_m70q_firmwarethinkcentre_m720s_firmwarethinkcentre_m80sthinkcentre_m75s_gen_2_firmwarethinkcentre_m720t_firmwarethinkcentre_m80q_firmwarethinkcentre_m920q_firmwarethinkstation_p340_workstationthinkcentre_m920sthinkcentre_m90s_firmwarethinkcentre_m630e_firmwarethinkcentre_m70s_firmwarethinkcentre_m90q_tiny_firmwareideacentre_mini_5-01imh05ideacentre_g5-14imb05_firmwarethinkstation_p330_workstationthinkcentre_m720qthinkcentre_m70qthinkstation_p340_workstation_firmwarev55t_gen_2_13acnthinkstation_p330_tiny_workstation_firmwarethinkstation_p340_tiny_workstationthinkstation_p320_workstationthinkcentre_m630ethinkstation_p520_workstation_firmwarethinkcentre_m625qthinkstation_p348_workstationthinkstation_p360_workstationv50t-13imbideacentre_g5-14amr05_firmwarethinkcentre_m75n_firmwarethinkcentre_m80qthinkstation_p350_workstationthinkcentre_m720sideacentre_mini_5_01iaq7thinkstation_p520c_workstationthinkedge_se30thinkstation_p350_workstation_firmwareideacentre_5-14iob6ideacentre_mini_5-01imh05_firmwarethinkstation_p330_workstation_2nd_genv50a-24imb_firmwarethinkcentre_m70c_firmwarethinkcentre_m920t_firmwarev55t_gen_2_13acn_firmwarethinkcentre_m90tthinkstation_p330_workstation_2nd_gen_firmwarethinkcentre_m75nthinkstation_p920_workstation_firmwareideacentre_5-14iob6_firmwarethinkcentre_m920tlegion_t7-34imz5v30a-24iml_firmwarethinkstation_p520_workstationthinkcentre_m70a_firmwarethinkedge_se30_firmwarev50t-13imh_firmwarethinkcentre_m720tthinkcentre_m920z_all-in-onethinkstation_p520c_workstation_firmwareideacentre_3-07ada05thinkcentre_m70cthinkcentre_m920z_all-in-one_firmwarev50a-22imbv50a-24imbthinkcentre_m90sthinkstation_p720_workstationthinkcentre_m75q_gen_2thinkcentre_m90av50s-07imbideacentre_c5-14imb05ideacentre_creator_5-14iob6thinkcentre_m75s_gen_2v50a-22imb_firmwarethinkcentre_m70sthinkcentre_m80tthinkcentre_m70tv50s-07imb_firmwarev30a-22imlthinkcentre_m625q_firmwarethinkcentre_m90a_firmwarethinkcentre_m920s_firmwarethinkcentre_m720q_firmwareideacentre_c5-14imb05_firmwarethinkcentre_m70av30a-22iml_firmwarethinkstation_p348_workstation_firmwarethinkstation_p920_workstationthinkstation_p330_workstation_firmwareideacentre_3-07ada05_firmwarethinkstation_p360_workstation_firmwarethinkcentre_m75t_gen_2_firmwarethinkcentre_m75q_gen_2_firmwarethinkstation_p340_tiny_workstation_firmwarev50t-13imb_firmwareideacentre_3-07imb05_firmwarev50t-13iob_g2_firmwarev50t-13iob_g2thinkstation_p720_workstation_firmwareideacentre_g5-14amr05ideacentre_gaming_5-14iob6_firmwarethinkcentre_m80t_firmwareideacentre_gaming_5-14iob6thinkcentre_m90q_tinylegion_t7-34imz5_firmwarethinkcentre_m70t_firmwareideacentre_g5-14imb05ideacentre_mini_5_01iaq7_firmwarethinkcentre_m920xthinkstation_p320_workstation_firmwarethinkcentre_m80s_firmwareideacentre_3-07imb05thinkcentre_m75t_gen_2ideacentre_creator_5-14iob6_firmwarethinkcentre_m820z_all-in-onev50t-13imhthinkcentre_m920x_firmwarethinkstation_p330_tiny_workstationthinkcentre_m90t_firmwareBIOSbios
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21196
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 4.05%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-02 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261857395

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21170
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 6.10%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-03 Dec, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In executeSetClientTarget of ComposerCommandEngine.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-252764410

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-20798
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 2.66%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 03:21
Updated-17 Oct, 2024 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6895mt6985mt8188androidmt6886mt8395mt8673mt6983mt8195mt2713mt6879MT2713, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8188, MT8195, MT8395, MT8673
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2023-21188
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 3.44%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-04 Dec, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-264624283

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-20719
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 1.46%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 00:00
Updated-24 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629583; Issue ID: ALPS07629583.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6781mt6853tmt6855mt6889mt6895mt6983mt6893mt6833mt6765androidmt6877mt8195mt8167mt6879mt8168mt6768mt6739mt6785mt6873mt6853mt6789mt8673mt6883mt6761mt6885mt6985mt6580MT6580, MT6739, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8168, MT8195, MT8673
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21210
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 2.48%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-03 Dec, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In initiateHs20IconQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262236331

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21204
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 4.26%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-03 Dec, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262246231

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-9408
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.05%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 23:34
Updated-19 Dec, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In m3326_gps_write and m3326_gps_read of gps.s, there is a possible Out Of Bounds Read due to a missing bounds check. This could lead to a local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21199
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 4.26%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-04 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In btu_ble_proc_ltk_req of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254445961

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-20986
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.71%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In btm_ble_clear_resolving_list_completecomplete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255304475

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-20679
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 3.72%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588453.

Action-Not Available
Vendor-yoctoprojectLinux Kernel Organization, IncMediaTek Inc.Google LLC
Product-androidmt7921mt8175mt7668mt8365mt8797mt8781mt7902mt8771mt6877mt8695mt8798mt6833mt8786mt8168mt8362amt8518yoctomt8385mt6789mt6879mt8185mt8788linux_kernelmt5221mt6983mt8768mt8675mt8789mt6895mt8532mt6781mt7663mt8766mt8169mt6855mt8167smt8791tMT5221, MT6781, MT6789, MT6833, MT6855, MT6877, MT6879, MT6895, MT6983, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8169, MT8175, MT8185, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8675, MT8695, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-20609
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 11.57%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ccu, there is a possible out of bounds read due to a logic error. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570864; Issue ID: ALPS07570864.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6877androidmt6893mt8786mt8768mt8791mt8797mt6833mt6853mt6873mt6885MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8768, MT8786, MT8791, MT8797
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-20728
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 2.86%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 12:11
Updated-07 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573603; Issue ID: ALPS07573603.

Action-Not Available
Vendor-Google LLCMediaTek Inc.The Linux Foundation
Product-mt6855mt6879mt8175mt8675mt6886mt8395mt8788mt8791tmt6983mt7902mt7663mt6835mt8768mt8789mt8797mt8362amt8781mt8766mt8786mt6985mt8695mt8167smt8385mt6833mt8673mt8518yoctomt6877mt6781mt8365mt8195mt6895mt8168mt6789androidmt8185mt8791mt7668mt8532mt7921MT6781, MT6789, MT6833, MT6835, MT6855, MT6877, MT6879, MT6886, MT6895, MT6983, MT6985, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8175, MT8185, MT8195, MT8362A, MT8365, MT8385, MT8395, MT8518, MT8532, MT8673, MT8675, MT8695, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-20729
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 2.86%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 12:11
Updated-08 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573552; Issue ID: ALPS07573575.

Action-Not Available
Vendor-Google LLCMediaTek Inc.The Linux Foundation
Product-mt8532mt6985androidmt8518mt7902yoctomt8365mt7921MT6985, MT7902, MT7921, MT8365, MT8518, MT8532
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-20969
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 1.21%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262236313

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21006
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 2.00%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257030027

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-20677
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 2.86%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 00:00
Updated-23 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588436.

Action-Not Available
Vendor-yoctoprojectLinux Kernel Organization, IncGoogle LLCMediaTek Inc.The Linux Foundation
Product-mt6855mt8175mt8675mt8169mt8788mt8791tmt6983mt7902mt7663mt5221mt7921mt8768mt8789mt8797mt8362amt8781mt8766mt8786mt8695mt8167smt8385mt6833mt8518yoctomt6877mt6781mt8365mt6895mt8168mt6789mt8798linux_kernelandroidmt8185mt7668mt8771mt8532mt6879MT5221, MT6781, MT6789, MT6833, MT6855, MT6877, MT6879, MT6895, MT6983, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8169, MT8175, MT8185, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8675, MT8695, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798mt6855mt6879mt8175mt8675mt8169mt8788mt8791tmt6983mt7902mt7663mt5221mt8768mt8789mt8797mt8362amt8781mt8766mt8786mt8695mt8167smt8385mt6833mt8518yoctomt6877mt6781mt8365mt6895mt8168mt6789mt8798androidmt8185mt7668mt8771mt8532mt7921
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21206
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 6.04%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-04 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In initiateVenueUrlAnqpQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262245630

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-21194
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 4.26%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-04 Dec, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In gatt_dbg_op_name of gatt_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260079141

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21213
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 5.74%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-03 Dec, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In initiateTdlsTeardownInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262235951

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-20698
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 1.21%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 00:00
Updated-23 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07589144; Issue ID: ALPS07589144.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt8766androidmt6891mt8185mt6879mt8789mt6877mt6885mt6762mt8666mt6781mt6833mt6893mt6765mt6983mt8768mt6739mt6789mt6580mt6853tmt6731mt8786mt8765mt6763mt8791mt6737mt6779mt6895mt8321mt8667mt8788mt6883mt6757chmt6771mt6757cdmt6769mt8385mt6757mt6889mt8797mt6768mt6757cmt8675mt6753mt6785mt6875mt8673mt8781mt8791tmt6873mt6761mt6853mt6735MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21359
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 1.76%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-02 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-20748
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 2.86%
||
7 Day CHG~0.00%
Published-04 Jul, 2023 | 01:45
Updated-21 Nov, 2024 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07536951; Issue ID: ALPS07536951.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6895mt6985androidmt6886mt8673mt6983mt8781mt6879MT6879, MT6886, MT6895, MT6983, MT6985, MT8673, MT8781
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-20697
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 1.21%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 00:00
Updated-23 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07589148; Issue ID: ALPS07589148.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt8766androidmt6891mt8185mt6879mt8789mt6877mt6885mt6762mt8666mt6781mt6833mt6893mt6765mt6983mt8768mt6739mt6789mt6580mt6853tmt6731mt8786mt8765mt6763mt8791mt6737mt6779mt6895mt8321mt8667mt8788mt6883mt6757chmt6771mt6757cdmt6769mt8385mt6757mt6889mt8797mt6768mt6757cmt8675mt6753mt6785mt6875mt8673mt8781mt8791tmt6873mt6761mt6853mt6735MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21148
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 7.14%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-03 Dec, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783657References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21314
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 1.55%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-02 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21379
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 1.67%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 17:01
Updated-02 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21154
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 7.14%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-03 Dec, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In StoreAdbSerialNumber of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783910References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-20982
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.71%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In btm_read_tx_power_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568083

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21158
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 3.44%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-03 Dec, 2024 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In encode of miscdata.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783635References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found