CVE-2023-4028: Buffer Overflow
First published: Thu Aug 17 2023(Updated: )
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
Credit: psirt@lenovo.com psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo 13w Yoga Firmware | <jacn38ww | |
| Lenovo 13w Yoga | ||
| Lenovo 13w Yoga Gen 2 Firmware | <kbcn20ww | |
| Lenovo 13w Yoga Gen 2 | ||
| Lenovo Ideapad 1-11ada05 Firmware | <fqcn29ww | |
| Lenovo Ideapad 1-11ada05 | ||
| Lenovo Ideapad 1-11igl05 Firmware | <dwcn28ww | |
| Lenovo Ideapad 1-11igl05 | ||
| Lenovo Ideapad 1-14ada05 Firmware | <fqcn29ww | |
| Lenovo Ideapad 1-14ada05 | ||
| Lenovo Ideapad 1-14igl05 Firmware | <dwcn28ww | |
| Lenovo Ideapad 1-14igl05 | ||
| Lenovo Flex 5-14alc05 Firmware | <gjcn32ww | |
| Lenovo Flex 5-14alc05 | ||
| Lenovo Flex 5-14are05 Firmware | <eecn43ww | |
| Lenovo Flex 5-14are05 | ||
| Lenovo Flex 5-14iil05 Firmware | <eccn45ww | |
| Lenovo Flex 5-14iil05 | ||
| Lenovo Flex 5-14itl05 Firmware | <fxcn44ww | |
| Lenovo Flex 5-14itl05 | ||
| Lenovo Flex 5-15alc05 Firmware | <gjcn32ww | |
| Lenovo Flex 5-15alc05 | ||
| Lenovo Flex 5-15iil05 Firmware | <eccn45ww | |
| Lenovo Flex 5-15iil05 | ||
| Lenovo Flex 5-15itl05 Firmware | <fxcn44ww | |
| Lenovo Flex 5-15itl05 | ||
| Lenovo Ideapad Flex 5 14abr8 Firmware | <l7cn17ww | |
| Lenovo Ideapad Flex 5 14abr8 | ||
| Lenovo Ideapad Flex 5 14alc7 Firmware | <jccn35ww | |
| Lenovo Ideapad Flex 5 14alc7 | ||
| Lenovo Ideapad Flex 5 14iau7 Firmware | <j7cn44ww | |
| Lenovo Ideapad Flex 5 14iau7 | ||
| Lenovo Ideapad Flex 5 14iru8 Firmware | <l6cn20ww | |
| Lenovo Ideapad Flex 5 14iru8 | ||
| Lenovo Ideapad Flex 5 16abr8 Firmware | <l7cn17ww | |
| Lenovo Ideapad Flex 5 16abr8 | ||
| Lenovo Ideapad Flex 5 16alc7 Firmware | <jccn35ww | |
| Lenovo Ideapad Flex 5 16alc7 | ||
| Lenovo Ideapad Flex 5 16iau7 Firmware | <j7cn44ww | |
| Lenovo Ideapad Flex 5 16iau7 | ||
| Lenovo Ideapad Flex 5 16iru8 Firmware | <l6cn20ww | |
| Lenovo Ideapad Flex 5 16iru8 | ||
| Lenovo Flex 7 14iru8 Firmware | <l6cn20ww | |
| Lenovo Flex 7 14iru8 | ||
| Lenovo Thinkbook 13s G2 Are Firmware | <fvcn28ww | |
| Lenovo Thinkbook 13s G2 Are | ||
| Lenovo Thinkbook 13s G2 Itl Firmware | <f9cn57ww | |
| Lenovo Thinkbook 13s G2 Itl | ||
| Lenovo Thinkbook 13s G3 Acn Firmware | <gmcn35ww | |
| Lenovo Thinkbook 13s G3 Acn | ||
| Lenovo Thinkbook 13s G4 Iap Firmware | <hwcn49ww | |
| Lenovo Thinkbook 13s G4 Iap | ||
| Lenovo Thinkbook 13x G2 Iap Firmware | <hxcn54ww | |
| Lenovo Thinkbook 13x G2 Iap | ||
| Lenovo Thinkbook 14s G2 Itl Firmware | <f9cn57ww | |
| Lenovo Thinkbook 14s G2 Itl | ||
| Lenovo Yoga 9-15imh5 Firmware | <epcn32ww | |
| Lenovo Yoga 9-15imh5 |
Remedy
Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/lenovo
- canonical/lenovo 13w yoga firmware
- canonical/lenovo 13w yoga
- canonical/lenovo 13w yoga gen 2 firmware
- canonical/lenovo 13w yoga gen 2
- canonical/lenovo ideapad 1-11ada05 firmware
- canonical/lenovo ideapad 1-11ada05
- canonical/lenovo ideapad 1-11igl05 firmware
- canonical/lenovo ideapad 1-11igl05
- canonical/lenovo ideapad 1-14ada05 firmware
- canonical/lenovo ideapad 1-14ada05
- canonical/lenovo ideapad 1-14igl05 firmware
- canonical/lenovo ideapad 1-14igl05
- canonical/lenovo flex 5-14alc05 firmware
- canonical/lenovo flex 5-14alc05
- canonical/lenovo flex 5-14are05 firmware
- canonical/lenovo flex 5-14are05
- canonical/lenovo flex 5-14iil05 firmware
- canonical/lenovo flex 5-14iil05
- canonical/lenovo flex 5-14itl05 firmware
- canonical/lenovo flex 5-14itl05
- canonical/lenovo flex 5-15alc05 firmware
- canonical/lenovo flex 5-15alc05
- canonical/lenovo flex 5-15iil05 firmware
- canonical/lenovo flex 5-15iil05
- canonical/lenovo flex 5-15itl05 firmware
- canonical/lenovo flex 5-15itl05
- canonical/lenovo ideapad flex 5 14abr8 firmware
- canonical/lenovo ideapad flex 5 14abr8
- canonical/lenovo ideapad flex 5 14alc7 firmware
- canonical/lenovo ideapad flex 5 14alc7
- canonical/lenovo ideapad flex 5 14iau7 firmware
- canonical/lenovo ideapad flex 5 14iau7
- canonical/lenovo ideapad flex 5 14iru8 firmware
- canonical/lenovo ideapad flex 5 14iru8
- canonical/lenovo ideapad flex 5 16abr8 firmware
- canonical/lenovo ideapad flex 5 16abr8
- canonical/lenovo ideapad flex 5 16alc7 firmware
- canonical/lenovo ideapad flex 5 16alc7
- canonical/lenovo ideapad flex 5 16iau7 firmware
- canonical/lenovo ideapad flex 5 16iau7
- canonical/lenovo ideapad flex 5 16iru8 firmware
- canonical/lenovo ideapad flex 5 16iru8
- canonical/lenovo flex 7 14iru8 firmware
- canonical/lenovo flex 7 14iru8
- canonical/lenovo thinkbook 13s g2 are firmware
- canonical/lenovo thinkbook 13s g2 are
- canonical/lenovo thinkbook 13s g2 itl firmware
- canonical/lenovo thinkbook 13s g2 itl
- canonical/lenovo thinkbook 13s g3 acn firmware
- canonical/lenovo thinkbook 13s g3 acn
- canonical/lenovo thinkbook 13s g4 iap firmware
- canonical/lenovo thinkbook 13s g4 iap
- canonical/lenovo thinkbook 13x g2 iap firmware
- canonical/lenovo thinkbook 13x g2 iap
- canonical/lenovo thinkbook 14s g2 itl firmware
- canonical/lenovo thinkbook 14s g2 itl
- canonical/lenovo yoga 9-15imh5 firmware
- canonical/lenovo yoga 9-15imh5