CWE: CWE-120, CWE-119

CVE-2023-4028: Buffer Overflow

First published: Thu Aug 17 2023

A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

Credit: psirt@lenovo.com

| Affected Software | Affected Version |
| --- | --- |
| Lenovo 13w Yoga Firmware | <jacn38ww |
| Lenovo 13w Yoga | |
| Lenovo 13w Yoga Gen 2 Firmware | <kbcn20ww |
| Lenovo 13w Yoga Gen 2 | |
| Lenovo Ideapad 1-11ada05 Firmware | <fqcn29ww |
| Lenovo Ideapad 1-11ada05 | |
| Lenovo Ideapad 1-11igl05 Firmware | <dwcn28ww |
| Lenovo Ideapad 1-11igl05 | |
| Lenovo Ideapad 1-14ada05 Firmware | <fqcn29ww |
| Lenovo Ideapad 1-14ada05 | |
| Lenovo Ideapad 1-14igl05 Firmware | <dwcn28ww |
| Lenovo Ideapad 1-14igl05 | |
| Lenovo Flex 5-14alc05 Firmware | <gjcn32ww |
| Lenovo Flex 5-14alc05 | |
| Lenovo Flex 5-14are05 Firmware | <eecn43ww |
| Lenovo Flex 5-14are05 | |
| Lenovo Flex 5-14iil05 Firmware | <eccn45ww |
| Lenovo Flex 5-14iil05 | |
| Lenovo Flex 5-14itl05 Firmware | <fxcn44ww |
| Lenovo Flex 5-14itl05 | |
| Lenovo Flex 5-15alc05 Firmware | <gjcn32ww |
| Lenovo Flex 5-15alc05 | |
| Lenovo Flex 5-15iil05 Firmware | <eccn45ww |
| Lenovo Flex 5-15iil05 | |
| Lenovo Flex 5-15itl05 Firmware | <fxcn44ww |
| Lenovo Flex 5-15itl05 | |
| Lenovo Ideapad Flex 5 14abr8 Firmware | <l7cn17ww |
| Lenovo Ideapad Flex 5 14abr8 | |
| Lenovo Ideapad Flex 5 14alc7 Firmware | <jccn35ww |
| Lenovo Ideapad Flex 5 14alc7 | |
| Lenovo Ideapad Flex 5 14iau7 Firmware | <j7cn44ww |
| Lenovo Ideapad Flex 5 14iau7 | |
| Lenovo Ideapad Flex 5 14iru8 Firmware | <l6cn20ww |
| Lenovo Ideapad Flex 5 14iru8 | |
| Lenovo Ideapad Flex 5 16abr8 Firmware | <l7cn17ww |
| Lenovo Ideapad Flex 5 16abr8 | |
| Lenovo Ideapad Flex 5 16alc7 Firmware | <jccn35ww |
| Lenovo Ideapad Flex 5 16alc7 | |
| Lenovo Ideapad Flex 5 16iau7 Firmware | <j7cn44ww |
| Lenovo Ideapad Flex 5 16iau7 | |
| Lenovo Ideapad Flex 5 16iru8 Firmware | <l6cn20ww |
| Lenovo Ideapad Flex 5 16iru8 | |
| Lenovo Flex 7 14iru8 Firmware | <l6cn20ww |
| Lenovo Flex 7 14iru8 | |
| Lenovo Thinkbook 13s G2 Are Firmware | <fvcn28ww |
| Lenovo Thinkbook 13s G2 Are | |
| Lenovo Thinkbook 13s G2 Itl Firmware | <f9cn57ww |
| Lenovo Thinkbook 13s G2 Itl | |
| Lenovo Thinkbook 13s G3 Acn Firmware | <gmcn35ww |
| Lenovo Thinkbook 13s G3 Acn | |
| Lenovo Thinkbook 13s G4 Iap Firmware | <hwcn49ww |
| Lenovo Thinkbook 13s G4 Iap | |
| Lenovo Thinkbook 13x G2 Iap Firmware | <hxcn54ww |
| Lenovo Thinkbook 13x G2 Iap | |
| Lenovo Thinkbook 14s G2 Itl Firmware | <f9cn57ww |
| Lenovo Thinkbook 14s G2 Itl | |
| Lenovo Yoga 9-15imh5 Firmware | <epcn32ww |
| Lenovo Yoga 9-15imh5 | |

Remedy

Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879.
