CVE-2023-4029: Buffer Overflow
First published: Thu Aug 17 2023(Updated: )
A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
Credit: psirt@lenovo.com psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo K14 Type 21cu Firmware | <1.12 | |
| Lenovo K14 Type 21cu | ||
| Lenovo K14 Type 21cv Firmware | <1.12 | |
| Lenovo K14 Type 21cv | ||
| Lenovo Thinkpad S2 Yoga Gen 8 Firmware | <1.10 | |
| Lenovo Thinkpad S2 Yoga Gen 8 | ||
| Lenovo Thinkpad E14 Gen 3 Firmware | <1.15 | |
| Lenovo Thinkpad E14 Gen 3 | ||
| Lenovo Thinkpad E15 Gen 3 Firmware | <1.15 | |
| Lenovo Thinkpad E15 Gen 3 | ||
| Lenovo Thinkpad L13 Gen 2 Firmware | <1.30 | |
| Lenovo Thinkpad L13 Gen 2 | ||
| Lenovo Thinkpad L13 Gen 3 Firmware | <1.19 | |
| Lenovo Thinkpad L13 Gen 3 | ||
| Lenovo Thinkpad L13 Gen 4 Firmware | <1.10 | |
| Lenovo Thinkpad L13 Gen 4 | ||
| Lenovo Thinkpad L13 Yoga Gen 4 Firmware | <1.10 | |
| Lenovo Thinkpad L13 Yoga Gen 4 | ||
| Lenovo Thinkpad L13 Yoga Gen 2 Firmware | <1.30 | |
| Lenovo Thinkpad L13 Yoga Gen 2 | ||
| Lenovo Thinkpad L13 Yoga Gen 3 Firmware | <1.19 | |
| Lenovo Thinkpad L13 Yoga Gen 3 | ||
| Lenovo Thinkpad L14 Gen 2 Firmware | <1.28 | |
| Lenovo Thinkpad L14 Gen 2 | ||
| Lenovo Thinkpad L14 Gen 3 Firmware | <1.23 | |
| Lenovo Thinkpad L14 Gen 3 | ||
| Lenovo Thinkpad L14 Gen 4 Firmware | <1.06 | |
| Lenovo Thinkpad L14 Gen 4 | ||
| Lenovo Thinkpad L15 Gen 2 Firmware | <1.28 | |
| Lenovo Thinkpad L15 Gen 2 | ||
| Lenovo Thinkpad L15 Gen 3 Firmware | <1.23 | |
| Lenovo Thinkpad L15 Gen 3 | ||
| Lenovo Thinkpad L15 Gen 4 Firmware | <1.06 | |
| Lenovo Thinkpad L15 Gen 4 | ||
| Lenovo Thinkpad P14s Gen 2 Firmware | <1.34 | |
| Lenovo Thinkpad P14s Gen 2 | ||
| Lenovo Thinkpad T14 Gen 2 Firmware | <1.34 | |
| Lenovo Thinkpad T14 Gen 2 | ||
| Lenovo Thinkpad T14s Gen 2 Firmware | <1.37 | |
| Lenovo Thinkpad T14s Gen 2 | ||
| Lenovo Thinkpad S2 Gen 6 Firmware | <1.30 | |
| Lenovo Thinkpad S2 Gen 6 | ||
| Lenovo Thinkpad S2 Gen 7 Firmware | <1.19 | |
| Lenovo Thinkpad S2 Gen 7 | ||
| Lenovo Thinkpad S2 Gen 8 Firmware | <1.10 | |
| Lenovo Thinkpad S2 Gen 8 | ||
| Lenovo Thinkpad S2 Yoga Gen 6 Firmware | <1.30 | |
| Lenovo Thinkpad S2 Yoga Gen 6 | ||
| Lenovo Thinkpad S2 Yoga Gen 7 Firmware | <1.19 | |
| Lenovo Thinkpad S2 Yoga Gen 7 | ||
| Lenovo Thinkpad X13 Gen 2 Firmware | <1.37 | |
| Lenovo Thinkpad X13 Gen 2 |
Remedy
Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-4029?
CVE-2023-4029 is a buffer overflow vulnerability in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products.
What is the severity of CVE-2023-4029?
The severity of CVE-2023-4029 is medium with a severity value of 6.7.
How can an attacker exploit CVE-2023-4029?
An attacker with local access and elevated privileges can exploit CVE-2023-4029 to execute arbitrary code.
Which Lenovo ThinkPad products are affected by CVE-2023-4029?
Lenovo ThinkPad products with the BoardUpdateAcpiDxe driver are affected by CVE-2023-4029.
How can I fix CVE-2023-4029?
To fix CVE-2023-4029, it is recommended to apply the latest firmware update provided by Lenovo.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/lenovo
- canonical/lenovo k14 type 21cu firmware
- canonical/lenovo k14 type 21cu
- canonical/lenovo k14 type 21cv firmware
- canonical/lenovo k14 type 21cv
- canonical/lenovo thinkpad s2 yoga gen 8 firmware
- canonical/lenovo thinkpad s2 yoga gen 8
- canonical/lenovo thinkpad e14 gen 3 firmware
- canonical/lenovo thinkpad e14 gen 3
- canonical/lenovo thinkpad e15 gen 3 firmware
- canonical/lenovo thinkpad e15 gen 3
- canonical/lenovo thinkpad l13 gen 2 firmware
- canonical/lenovo thinkpad l13 gen 2
- canonical/lenovo thinkpad l13 gen 3 firmware
- canonical/lenovo thinkpad l13 gen 3
- canonical/lenovo thinkpad l13 gen 4 firmware
- canonical/lenovo thinkpad l13 gen 4
- canonical/lenovo thinkpad l13 yoga gen 4 firmware
- canonical/lenovo thinkpad l13 yoga gen 4
- canonical/lenovo thinkpad l13 yoga gen 2 firmware
- canonical/lenovo thinkpad l13 yoga gen 2
- canonical/lenovo thinkpad l13 yoga gen 3 firmware
- canonical/lenovo thinkpad l13 yoga gen 3
- canonical/lenovo thinkpad l14 gen 2 firmware
- canonical/lenovo thinkpad l14 gen 2
- canonical/lenovo thinkpad l14 gen 3 firmware
- canonical/lenovo thinkpad l14 gen 3
- canonical/lenovo thinkpad l14 gen 4 firmware
- canonical/lenovo thinkpad l14 gen 4
- canonical/lenovo thinkpad l15 gen 2 firmware
- canonical/lenovo thinkpad l15 gen 2
- canonical/lenovo thinkpad l15 gen 3 firmware
- canonical/lenovo thinkpad l15 gen 3
- canonical/lenovo thinkpad l15 gen 4 firmware
- canonical/lenovo thinkpad l15 gen 4
- canonical/lenovo thinkpad p14s gen 2 firmware
- canonical/lenovo thinkpad p14s gen 2
- canonical/lenovo thinkpad t14 gen 2 firmware
- canonical/lenovo thinkpad t14 gen 2
- canonical/lenovo thinkpad t14s gen 2 firmware
- canonical/lenovo thinkpad t14s gen 2
- canonical/lenovo thinkpad s2 gen 6 firmware
- canonical/lenovo thinkpad s2 gen 6
- canonical/lenovo thinkpad s2 gen 7 firmware
- canonical/lenovo thinkpad s2 gen 7
- canonical/lenovo thinkpad s2 gen 8 firmware
- canonical/lenovo thinkpad s2 gen 8
- canonical/lenovo thinkpad s2 yoga gen 6 firmware
- canonical/lenovo thinkpad s2 yoga gen 6
- canonical/lenovo thinkpad s2 yoga gen 7 firmware
- canonical/lenovo thinkpad s2 yoga gen 7
- canonical/lenovo thinkpad x13 gen 2 firmware
- canonical/lenovo thinkpad x13 gen 2