CVE-2023-4028: Buffer Overflow
First published: Thu Aug 17 2023(Updated: )
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo 13w Yoga Gen 2 Firmware | <jacn38ww | |
| Lenovo 13w Yoga Gen 2 Firmware | ||
| Lenovo 13w Yoga Gen 2 Firmware | <kbcn20ww | |
| Lenovo 13w Yoga Gen 2 Firmware | ||
| Lenovo Ideapad 1-11ada05 | <fqcn29ww | |
| Lenovo Ideapad 1-11ADA05 Firmware | ||
| Lenovo Ideapad 1-14igl05 | <dwcn28ww | |
| Lenovo Ideapad 1-11IGL05 | ||
| Lenovo Ideapad 1-14ada05 | <fqcn29ww | |
| Lenovo Ideapad 1-14ADA05 Firmware | ||
| Lenovo Ideapad 1-14igl05 | <dwcn28ww | |
| Lenovo Ideapad 1-11IGL05 | ||
| Lenovo Ideapad Flex 5-14ALC05 Firmware | <gjcn32ww | |
| Lenovo Flex 5 14ALC05 | ||
| Lenovo Flex 5 14ARE05 Firmware | <eecn43ww | |
| Lenovo Flex 5 14ARE05 Firmware | ||
| Lenovo Flex 5 14iil05 | <eccn45ww | |
| Lenovo Flex 5 14iil05 | ||
| Lenovo Flex 5 14ITL05 | <fxcn44ww | |
| Lenovo Flex 5 14ITL05 | ||
| Lenovo Flex 5 15ALC05 Firmware | <gjcn32ww | |
| Lenovo Flex 5 15ALC05 | ||
| Lenovo Flex 5-15IIL05 | <eccn45ww | |
| Lenovo Flex 5-1570 | ||
| Lenovo Flex 5-15ITL05 | <fxcn44ww | |
| Lenovo Flex 5-1570 | ||
| Lenovo Ideapad Flex 5 14ABR8 | <l7cn17ww | |
| Lenovo Ideapad Flex 5 14ABR8 | ||
| Lenovo IdeaPad Flex 5 14ALC7 Firmware | <jccn35ww | |
| Lenovo IdeaPad Flex 5 14ALC7 Firmware | ||
| Lenovo Ideapad Flex 5 14IAU7 | <j7cn44ww | |
| Lenovo Ideapad Flex 5 14IAU7 Firmware | ||
| Lenovo Ideapad Flex 5 14IRU8 | <l6cn20ww | |
| Lenovo Ideapad Flex 5 14IRU8 Firmware | ||
| Lenovo Ideapad Flex 5 16ABR8 Firmware | <l7cn17ww | |
| Lenovo ideapad flex 5 16abr8 firmware | ||
| Lenovo Ideapad Flex 5 16ALC7 | <jccn35ww | |
| Lenovo Ideapad Flex 5 16ALC7 | ||
| Lenovo IdeaPad Flex 5 16IAU7 | <j7cn44ww | |
| Lenovo Ideapad Flex 5 16IAU7 Firmware | ||
| Lenovo Ideapad Flex 5 16IRU8 | <l6cn20ww | |
| Lenovo Ideapad Flex 5 16IRU8 Firmware | ||
| Lenovo Flex 7 14IRU8 | <l6cn20ww | |
| Lenovo Flex 7 14iru8 Firmware | ||
| Lenovo ThinkBook 13s G2 ARE Firmware | <fvcn28ww | |
| Lenovo ThinkBook 13s G2 ARE Firmware | ||
| Lenovo Thinkbook 13s G2 ITL Firmware | <f9cn57ww | |
| Lenovo Thinkbook 13s G2 ITL Firmware | ||
| Lenovo ThinkBook 13s G3 ACN | <gmcn35ww | |
| Lenovo ThinkBook 13s G3 ACN | ||
| Lenovo ThinkBook 13s G4 IAP Firmware | <hwcn49ww | |
| Lenovo ThinkBook 13s G4 IAP Firmware | ||
| Lenovo ThinkBook 13x G2 IAP Firmware | <hxcn54ww | |
| Lenovo ThinkBook 13x G2 IAP Firmware | ||
| Lenovo Thinkbook 14s G2 ITL Firmware | <f9cn57ww | |
| Lenovo Thinkbook 14s G2 ITL Firmware | ||
| Lenovo Yoga 9-15IMH5 | <epcn32ww | |
| Lenovo Yoga 9-15IMH5 | ||
| All of | ||
| Lenovo 13w Yoga Gen 2 Firmware | <jacn38ww | |
| Lenovo 13w Yoga Gen 2 Firmware | ||
| All of | ||
| Lenovo 13w Yoga Gen 2 Firmware | <kbcn20ww | |
| Lenovo 13w Yoga Gen 2 Firmware | ||
| All of | ||
| Lenovo Ideapad 1-11ada05 | <fqcn29ww | |
| Lenovo Ideapad 1-11ADA05 Firmware | ||
| All of | ||
| Lenovo Ideapad 1-14igl05 | <dwcn28ww | |
| Lenovo Ideapad 1-11IGL05 | ||
| All of | ||
| Lenovo Ideapad 1-14ada05 | <fqcn29ww | |
| Lenovo Ideapad 1-14ADA05 Firmware | ||
| All of | ||
| Lenovo Ideapad 1-14igl05 | <dwcn28ww | |
| Lenovo Ideapad 1-11IGL05 | ||
| All of | ||
| Lenovo Ideapad Flex 5-14ALC05 Firmware | <gjcn32ww | |
| Lenovo Flex 5 14ALC05 | ||
| All of | ||
| Lenovo Flex 5 14ARE05 Firmware | <eecn43ww | |
| Lenovo Flex 5 14ARE05 Firmware | ||
| All of | ||
| Lenovo Flex 5 14iil05 | <eccn45ww | |
| Lenovo Flex 5 14iil05 | ||
| All of | ||
| Lenovo Flex 5 14ITL05 | <fxcn44ww | |
| Lenovo Flex 5 14ITL05 | ||
| All of | ||
| Lenovo Flex 5 15ALC05 Firmware | <gjcn32ww | |
| Lenovo Flex 5 15ALC05 | ||
| All of | ||
| Lenovo Flex 5-15IIL05 | <eccn45ww | |
| Lenovo Flex 5-1570 | ||
| All of | ||
| Lenovo Flex 5-15ITL05 | <fxcn44ww | |
| Lenovo Flex 5-1570 | ||
| All of | ||
| Lenovo Ideapad Flex 5 14ABR8 | <l7cn17ww | |
| Lenovo Ideapad Flex 5 14ABR8 | ||
| All of | ||
| Lenovo IdeaPad Flex 5 14ALC7 Firmware | <jccn35ww | |
| Lenovo IdeaPad Flex 5 14ALC7 Firmware | ||
| All of | ||
| Lenovo Ideapad Flex 5 14IAU7 | <j7cn44ww | |
| Lenovo Ideapad Flex 5 14IAU7 Firmware | ||
| All of | ||
| Lenovo Ideapad Flex 5 14IRU8 | <l6cn20ww | |
| Lenovo Ideapad Flex 5 14IRU8 Firmware | ||
| All of | ||
| Lenovo Ideapad Flex 5 16ABR8 Firmware | <l7cn17ww | |
| Lenovo ideapad flex 5 16abr8 firmware | ||
| All of | ||
| Lenovo Ideapad Flex 5 16ALC7 | <jccn35ww | |
| Lenovo Ideapad Flex 5 16ALC7 | ||
| All of | ||
| Lenovo IdeaPad Flex 5 16IAU7 | <j7cn44ww | |
| Lenovo Ideapad Flex 5 16IAU7 Firmware | ||
| All of | ||
| Lenovo Ideapad Flex 5 16IRU8 | <l6cn20ww | |
| Lenovo Ideapad Flex 5 16IRU8 Firmware | ||
| All of | ||
| Lenovo Flex 7 14IRU8 | <l6cn20ww | |
| Lenovo Flex 7 14iru8 Firmware | ||
| All of | ||
| Lenovo ThinkBook 13s G2 ARE Firmware | <fvcn28ww | |
| Lenovo ThinkBook 13s G2 ARE Firmware | ||
| All of | ||
| Lenovo Thinkbook 13s G2 ITL Firmware | <f9cn57ww | |
| Lenovo Thinkbook 13s G2 ITL Firmware | ||
| All of | ||
| Lenovo ThinkBook 13s G3 ACN | <gmcn35ww | |
| Lenovo ThinkBook 13s G3 ACN | ||
| All of | ||
| Lenovo ThinkBook 13s G4 IAP Firmware | <hwcn49ww | |
| Lenovo ThinkBook 13s G4 IAP Firmware | ||
| All of | ||
| Lenovo ThinkBook 13x G2 IAP Firmware | <hxcn54ww | |
| Lenovo ThinkBook 13x G2 IAP Firmware | ||
| All of | ||
| Lenovo Thinkbook 14s G2 ITL Firmware | <f9cn57ww | |
| Lenovo Thinkbook 14s G2 ITL Firmware | ||
| All of | ||
| Lenovo Yoga 9-15IMH5 | <epcn32ww | |
| Lenovo Yoga 9-15IMH5 |
Remedy
Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-4028?
CVE-2023-4028 has a high severity rating due to its potential for local privilege escalation and remote code execution.
How do I fix CVE-2023-4028?
To fix CVE-2023-4028, users should update their Lenovo Notebook firmware to the latest version provided by Lenovo.
What products are affected by CVE-2023-4028?
CVE-2023-4028 affects specific Lenovo Notebook models, including the Lenovo 13w Yoga Gen 2, Ideapad models, and Flex models.
Can CVE-2023-4028 be exploited remotely?
CVE-2023-4028 can only be exploited locally by an attacker with elevated privileges.
What is a buffer overflow in the context of CVE-2023-4028?
In the context of CVE-2023-4028, a buffer overflow refers to a vulnerability that allows an attacker to write more data to a buffer than it can hold, potentially allowing arbitrary code execution.
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/remedy
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/lenovo
- canonical/lenovo 13w yoga gen 2 firmware
- canonical/lenovo ideapad 1-11ada05
- canonical/lenovo ideapad 1-11ada05 firmware
- canonical/lenovo ideapad 1-14igl05
- canonical/lenovo ideapad 1-11igl05
- canonical/lenovo ideapad 1-14ada05
- canonical/lenovo ideapad 1-14ada05 firmware
- canonical/lenovo ideapad flex 5-14alc05 firmware
- canonical/lenovo flex 5 14alc05
- canonical/lenovo flex 5 14are05 firmware
- canonical/lenovo flex 5 14iil05
- canonical/lenovo flex 5 14itl05
- canonical/lenovo flex 5 15alc05 firmware
- canonical/lenovo flex 5 15alc05
- canonical/lenovo flex 5-15iil05
- canonical/lenovo flex 5-1570
- canonical/lenovo flex 5-15itl05
- canonical/lenovo ideapad flex 5 14abr8
- canonical/lenovo ideapad flex 5 14alc7 firmware
- canonical/lenovo ideapad flex 5 14iau7
- canonical/lenovo ideapad flex 5 14iau7 firmware
- canonical/lenovo ideapad flex 5 14iru8
- canonical/lenovo ideapad flex 5 14iru8 firmware
- canonical/lenovo ideapad flex 5 16abr8 firmware
- canonical/lenovo ideapad flex 5 16alc7
- canonical/lenovo ideapad flex 5 16iau7
- canonical/lenovo ideapad flex 5 16iau7 firmware
- canonical/lenovo ideapad flex 5 16iru8
- canonical/lenovo ideapad flex 5 16iru8 firmware
- canonical/lenovo flex 7 14iru8
- canonical/lenovo flex 7 14iru8 firmware
- canonical/lenovo thinkbook 13s g2 are firmware
- canonical/lenovo thinkbook 13s g2 itl firmware
- canonical/lenovo thinkbook 13s g3 acn
- canonical/lenovo thinkbook 13s g4 iap firmware
- canonical/lenovo thinkbook 13x g2 iap firmware
- canonical/lenovo thinkbook 14s g2 itl firmware
- canonical/lenovo yoga 9-15imh5