Buffer Overflow Vulnerability in Lenovo ThinkPad BoardUpdateAcpiDxe Driver
CVE-2023-4029

6.7MEDIUM

Key Information:

Vendor: Lenovo
Status: Thinkpad
Vendor: CVE Published:; 17 August 2023

Summary

A buffer overflow vulnerability has been discovered in the BoardUpdateAcpiDxe driver present in certain Lenovo ThinkPad devices. This flaw can potentially be exploited by attackers with local access and elevated privileges, enabling them to execute arbitrary code. Proper attention to this vulnerability is critical for maintaining the security and integrity of affected systems.

Affected Version(s)

ThinkPad various

References

https://support.lenovo.com/us/en/product_security/LEN-134879

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 17, 2023
Vulnerability Reserved
Jul 31, 2023

Credit

Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability.