First published: Thu Aug 17 2023(Updated: )
A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
Credit: psirt@lenovo.com psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
Lenovo K14 Type 21cu Firmware | <1.12 | |
Lenovo K14 Type 21cu | ||
Lenovo K14 Type 21cv Firmware | <1.12 | |
Lenovo K14 Type 21cv | ||
Lenovo Thinkpad S2 Yoga Gen 8 Firmware | <1.10 | |
Lenovo Thinkpad S2 Yoga Gen 8 | ||
Lenovo Thinkpad E14 Gen 3 Firmware | <1.15 | |
Lenovo Thinkpad E14 Gen 3 | ||
Lenovo Thinkpad E15 Gen 3 Firmware | <1.15 | |
Lenovo Thinkpad E15 Gen 3 | ||
Lenovo Thinkpad L13 Gen 2 Firmware | <1.30 | |
Lenovo Thinkpad L13 Gen 2 | ||
Lenovo Thinkpad L13 Gen 3 Firmware | <1.19 | |
Lenovo Thinkpad L13 Gen 3 | ||
Lenovo Thinkpad L13 Gen 4 Firmware | <1.10 | |
Lenovo Thinkpad L13 Gen 4 | ||
Lenovo Thinkpad L13 Yoga Gen 4 Firmware | <1.10 | |
Lenovo Thinkpad L13 Yoga Gen 4 | ||
Lenovo Thinkpad L13 Yoga Gen 2 Firmware | <1.30 | |
Lenovo Thinkpad L13 Yoga Gen 2 | ||
Lenovo Thinkpad L13 Yoga Gen 3 Firmware | <1.19 | |
Lenovo Thinkpad L13 Yoga Gen 3 | ||
Lenovo Thinkpad L14 Gen 2 Firmware | <1.28 | |
Lenovo Thinkpad L14 Gen 2 | ||
Lenovo Thinkpad L14 Gen 3 Firmware | <1.23 | |
Lenovo Thinkpad L14 Gen 3 | ||
Lenovo Thinkpad L14 Gen 4 Firmware | <1.06 | |
Lenovo Thinkpad L14 Gen 4 | ||
Lenovo Thinkpad L15 Gen 2 Firmware | <1.28 | |
Lenovo Thinkpad L15 Gen 2 | ||
Lenovo Thinkpad L15 Gen 3 Firmware | <1.23 | |
Lenovo Thinkpad L15 Gen 3 | ||
Lenovo Thinkpad L15 Gen 4 Firmware | <1.06 | |
Lenovo Thinkpad L15 Gen 4 | ||
Lenovo Thinkpad P14s Gen 2 Firmware | <1.34 | |
Lenovo Thinkpad P14s Gen 2 | ||
Lenovo Thinkpad T14 Gen 2 Firmware | <1.34 | |
Lenovo Thinkpad T14 Gen 2 | ||
Lenovo Thinkpad T14s Gen 2 Firmware | <1.37 | |
Lenovo Thinkpad T14s Gen 2 | ||
Lenovo Thinkpad S2 Gen 6 Firmware | <1.30 | |
Lenovo Thinkpad S2 Gen 6 | ||
Lenovo Thinkpad S2 Gen 7 Firmware | <1.19 | |
Lenovo Thinkpad S2 Gen 7 | ||
Lenovo Thinkpad S2 Gen 8 Firmware | <1.10 | |
Lenovo Thinkpad S2 Gen 8 | ||
Lenovo Thinkpad S2 Yoga Gen 6 Firmware | <1.30 | |
Lenovo Thinkpad S2 Yoga Gen 6 | ||
Lenovo Thinkpad S2 Yoga Gen 7 Firmware | <1.19 | |
Lenovo Thinkpad S2 Yoga Gen 7 | ||
Lenovo Thinkpad X13 Gen 2 Firmware | <1.37 | |
Lenovo Thinkpad X13 Gen 2 | ||
All of | ||
Lenovo K14 Type 21cu Firmware | <1.12 | |
Lenovo K14 Type 21cu | ||
All of | ||
Lenovo K14 Type 21cv Firmware | <1.12 | |
Lenovo K14 Type 21cv | ||
All of | ||
Lenovo Thinkpad S2 Yoga Gen 8 Firmware | <1.10 | |
Lenovo Thinkpad S2 Yoga Gen 8 | ||
All of | ||
Lenovo Thinkpad E14 Gen 3 Firmware | <1.15 | |
Lenovo Thinkpad E14 Gen 3 | ||
All of | ||
Lenovo Thinkpad E15 Gen 3 Firmware | <1.15 | |
Lenovo Thinkpad E15 Gen 3 | ||
All of | ||
Lenovo Thinkpad L13 Gen 2 Firmware | <1.30 | |
Lenovo Thinkpad L13 Gen 2 | ||
All of | ||
Lenovo Thinkpad L13 Gen 3 Firmware | <1.19 | |
Lenovo Thinkpad L13 Gen 3 | ||
All of | ||
Lenovo Thinkpad L13 Gen 4 Firmware | <1.10 | |
Lenovo Thinkpad L13 Gen 4 | ||
All of | ||
Lenovo Thinkpad L13 Yoga Gen 4 Firmware | <1.10 | |
Lenovo Thinkpad L13 Yoga Gen 4 | ||
All of | ||
Lenovo Thinkpad L13 Yoga Gen 2 Firmware | <1.30 | |
Lenovo Thinkpad L13 Yoga Gen 2 | ||
All of | ||
Lenovo Thinkpad L13 Yoga Gen 3 Firmware | <1.19 | |
Lenovo Thinkpad L13 Yoga Gen 3 | ||
All of | ||
Lenovo Thinkpad L14 Gen 2 Firmware | <1.28 | |
Lenovo Thinkpad L14 Gen 2 | ||
All of | ||
Lenovo Thinkpad L14 Gen 3 Firmware | <1.23 | |
Lenovo Thinkpad L14 Gen 3 | ||
All of | ||
Lenovo Thinkpad L14 Gen 4 Firmware | <1.06 | |
Lenovo Thinkpad L14 Gen 4 | ||
All of | ||
Lenovo Thinkpad L15 Gen 2 Firmware | <1.28 | |
Lenovo Thinkpad L15 Gen 2 | ||
All of | ||
Lenovo Thinkpad L15 Gen 3 Firmware | <1.23 | |
Lenovo Thinkpad L15 Gen 3 | ||
All of | ||
Lenovo Thinkpad L15 Gen 4 Firmware | <1.06 | |
Lenovo Thinkpad L15 Gen 4 | ||
All of | ||
Lenovo Thinkpad P14s Gen 2 Firmware | <1.34 | |
Lenovo Thinkpad P14s Gen 2 | ||
All of | ||
Lenovo Thinkpad T14 Gen 2 Firmware | <1.34 | |
Lenovo Thinkpad T14 Gen 2 | ||
All of | ||
Lenovo Thinkpad T14s Gen 2 Firmware | <1.37 | |
Lenovo Thinkpad T14s Gen 2 | ||
All of | ||
Lenovo Thinkpad S2 Gen 6 Firmware | <1.30 | |
Lenovo Thinkpad S2 Gen 6 | ||
All of | ||
Lenovo Thinkpad S2 Gen 7 Firmware | <1.19 | |
Lenovo Thinkpad S2 Gen 7 | ||
All of | ||
Lenovo Thinkpad S2 Gen 8 Firmware | <1.10 | |
Lenovo Thinkpad S2 Gen 8 | ||
All of | ||
Lenovo Thinkpad S2 Yoga Gen 6 Firmware | <1.30 | |
Lenovo Thinkpad S2 Yoga Gen 6 | ||
All of | ||
Lenovo Thinkpad S2 Yoga Gen 7 Firmware | <1.19 | |
Lenovo Thinkpad S2 Yoga Gen 7 | ||
All of | ||
Lenovo Thinkpad X13 Gen 2 Firmware | <1.37 | |
Lenovo Thinkpad X13 Gen 2 |
Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-4029 is a buffer overflow vulnerability in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products.
The severity of CVE-2023-4029 is medium with a severity value of 6.7.
An attacker with local access and elevated privileges can exploit CVE-2023-4029 to execute arbitrary code.
Lenovo ThinkPad products with the BoardUpdateAcpiDxe driver are affected by CVE-2023-4029.
To fix CVE-2023-4029, it is recommended to apply the latest firmware update provided by Lenovo.