Buffer Overflow Vulnerability in SetupUtility Driver for Lenovo Notebooks
CVE-2023-34419

6.7MEDIUM

Key Information:

Vendor: Lenovo
Status: Lenovo Notebook
Vendor: CVE Published:; 17 August 2023

Summary

A buffer overflow vulnerability has been discovered in the SetupUtility driver affecting certain Lenovo Notebook models. This flaw may grant an attacker with local access and elevated permissions the ability to execute arbitrary code, potentially compromising the integrity of the system. Users are advised to implement security patches and follow best practices to mitigate risks associated with this vulnerability.

Affected Version(s)

Lenovo Notebook various

References

https://support.lenovo.com/us/en/product_security/LEN-134879

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 17, 2023
Vulnerability Reserved
Jun 5, 2023

Credit

Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability.