Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-5081

Summary
Assigner-lenovo
Assigner Org ID-da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At-19 Jan, 2024 | 20:07
Updated At-30 May, 2025 | 14:25
Rejected At-
Credits

An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:lenovo
Assigner Org ID:da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At:19 Jan, 2024 | 20:07
Updated At:30 May, 2025 | 14:25
Rejected At:
▼CVE Numbering Authority (CNA)

An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.

Affected Products
Vendor
Lenovo Group LimitedLenovo
Product
Tablet
Default Status
unaffected
Versions
Affected
  • various
Problem Types
TypeCWE IDDescription
CWECWE-497CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
Type: CWE
CWE ID: CWE-497
Description: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
Metrics
VersionBase scoreBase severityVector
3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update to the version (or newer) indicated for your model in the Product Impact section in the advisory: https://support.lenovo.com/us/en/product_security/LEN-142135

Configurations
Workarounds
Exploits
Credits
finder
Lenovo thanks Ryan Johnson and Mohamed Elsabagh of Quokka for reporting this issue.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/LEN-142135
N/A
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-142135
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/LEN-142135
x_transferred
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-142135
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@lenovo.com
Published At:19 Jan, 2024 | 20:15
Updated At:16 Sep, 2024 | 15:15

An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Lenovo Group Limited
lenovo
>>tab_m8_hd_tb8505f_firmware>>Versions before 8505f_usr_s301106_2309140042_v9.56_bmp_row(exclusive)
cpe:2.3:o:lenovo:tab_m8_hd_tb8505f_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>tab_m8_hd_tb8505f>>-
cpe:2.3:h:lenovo:tab_m8_hd_tb8505f:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>tab_m8_hd_tb8505fs_firmware>>Versions before 8505fs_usr_s301107_2309140028_v9.56_bmp_row(exclusive)
cpe:2.3:o:lenovo:tab_m8_hd_tb8505fs_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>tab_m8_hd_tb8505fs>>-
cpe:2.3:h:lenovo:tab_m8_hd_tb8505fs:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>tab_m8_hd_tb8505x_firmware>>Versions before 8505x_usr_s301129_2309141226_v9.56_bmp_row(exclusive)
cpe:2.3:o:lenovo:tab_m8_hd_tb8505x_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>tab_m8_hd_tb8505x>>-
cpe:2.3:h:lenovo:tab_m8_hd_tb8505x:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>tab_m8_hd_tb8505xs_firmware>>Versions before 8505xs_usr_s301077_2309140036_v9.56_bmp_row(exclusive)
cpe:2.3:o:lenovo:tab_m8_hd_tb8505xs_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>tab_m8_hd_tb8505xs>>-
cpe:2.3:h:lenovo:tab_m8_hd_tb8505xs:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-497Secondarypsirt@lenovo.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-497
Type: Secondary
Source: psirt@lenovo.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.lenovo.com/us/en/product_security/LEN-142135psirt@lenovo.com
Vendor Advisory
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-142135
Source: psirt@lenovo.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2023-4605
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.86%
||
7 Day CHG+0.02%
Published-05 Apr, 2024 | 20:44
Updated-12 Aug, 2024 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information.

Action-Not Available
Vendor-LenovoLenovo Group Limited
Product-XClarity Administratorxclarity_administrator
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2024-0053
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.3||LOW
EPSS-0.02% / 4.43%
||
7 Day CHG~0.00%
Published-11 Mar, 2024 | 16:35
Updated-27 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-46718
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.3||LOW
EPSS-0.02% / 3.45%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 14:54
Updated-09 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-U` flag. This vulnerability allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users' permissions. Attackers can collect information that can be used to more targeted attacks. Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory. Version 0.2.6 fixes the vulnerability.

Action-Not Available
Vendor-trifectatechtrifectatechfoundation
Product-sudosudo-rs
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-46717
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.3||LOW
EPSS-0.02% / 2.36%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 14:52
Updated-09 Jul, 2025 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no (or very limited) sudo privileges can determine whether files exists in folders that they otherwise cannot access using `sudo --list <pathname>`. Users with local access to a machine can discover the existence/non-existence of certain files, revealing potentially sensitive information in the file names. This information can also be used in conjunction with other attacks. Version 0.2.6 fixes the vulnerability.

Action-Not Available
Vendor-trifectatechtrifectatechfoundation
Product-sudosudo-rs
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-24334
Matching Score-4
Assigner-Nokia
ShareView Details
Matching Score-4
Assigner-Nokia
CVSS Score-3.3||LOW
EPSS-0.01% / 2.00%
||
7 Day CHG~0.00%
Published-02 Jul, 2025 | 08:34
Updated-03 Jul, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Nokia Single RAN baseband reveals its software version through the MNO internal RAN management network

The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator (MNO) internal RAN management network.

Action-Not Available
Vendor-Nokia Corporation
Product-Nokia Single RAN
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-23288
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-3.3||LOW
EPSS-0.01% / 1.45%
||
7 Day CHG~0.00%
Published-02 Aug, 2025 | 22:10
Updated-04 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability  where an attacker may cause an exposure of sensitive system information with local unprivileged system access. A successful exploit of this vulnerability may lead to Information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-GPU Display Drivers
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-23287
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-3.3||LOW
EPSS-0.01% / 1.45%
||
7 Day CHG~0.00%
Published-02 Aug, 2025 | 22:10
Updated-04 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. A successful exploit of this vulnerability may lead to Information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-GPU Display Drivers
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Details not found