CVE-2023-45079
First published: Wed Nov 08 2023(Updated: )
A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo Ideacentre C5-14imb05 Firmware | <o4hkt3ca | |
| Lenovo Ideacentre C5-14imb05 | ||
| Lenovo Ideacentre 3-07ada05 Firmware | <o4fkt39a | |
| Lenovo Ideacentre 3-07ada05 | ||
| Lenovo Ideacentre 3-07imb05 Firmware | <m2vkt21a | |
| Lenovo Ideacentre 3-07imb05 | ||
| Lenovo Ideacentre G5-14imb05 Firmware | <o4hkt3ca | |
| Lenovo Ideacentre G5-14imb05 | ||
| Lenovo Ideacentre 5-14iob6 Firmware | <m3gkt3da | |
| Lenovo Ideacentre 5-14iob6 | ||
| Lenovo Ideacentre Creator 5-14iob6 Firmware | <m3gkt3da | |
| Lenovo Ideacentre Creator 5-14iob6 | ||
| Lenovo Ideacentre G5-14amr05 Firmware | <o4zkt2ba | |
| Lenovo Ideacentre G5-14amr05 | ||
| Lenovo Ideacentre Gaming 5-14iob6 Firmware | <m3gkt3da | |
| Lenovo Ideacentre Gaming 5-14iob6 | ||
| Lenovo Ideacentre Mini 5 01iaq7 Firmware | <o53kt10a | |
| Lenovo Ideacentre Mini 5 01iaq7 | ||
| Lenovo Ideacentre Mini 5-01imh05 Firmware | <o4ekt1ba | |
| Lenovo Ideacentre Mini 5-01imh05 | ||
| Lenovo Legion T7-34imz5 Firmware | <o5fkt17a | |
| Lenovo Legion T7-34imz5 | ||
| Lenovo Thinkcentre M625q Firmware | <m1wkt52a | |
| Lenovo Thinkcentre M625q | ||
| Lenovo Thinkcentre M630e Firmware | ||
| Lenovo Thinkcentre M630e | ||
| Lenovo Thinkcentre M70a Firmware | <m2skt29a | |
| Lenovo Thinkcentre M70a | ||
| Lenovo Thinkcentre M920z All-in-one Firmware | <m1mkt56a | |
| Lenovo Thinkcentre M920z All-in-one | ||
| Lenovo Thinkcentre M920x Firmware | <m1ukt72a | |
| Lenovo Thinkcentre M920x | ||
| Lenovo Thinkcentre M920t Firmware | <m1ukt72a | |
| Lenovo Thinkcentre M920t | ||
| Lenovo Thinkcentre M920s Firmware | <m1ukt72a | |
| Lenovo Thinkcentre M920s | ||
| Lenovo Thinkcentre M920q Firmware | <m1ukt72a | |
| Lenovo Thinkcentre M920q | ||
| Lenovo Thinkcentre M90t Firmware | <m2tkt55a | |
| Lenovo Thinkcentre M90t | ||
| Lenovo Thinkcentre M90s Firmware | <m2tkt55a | |
| Lenovo Thinkcentre M90s | ||
| Lenovo Thinkcentre M90q Tiny Firmware | <m2wkt5aa | |
| Lenovo Thinkcentre M90q Tiny | ||
| Lenovo Thinkcentre M90a Firmware | <m2rkt57a | |
| Lenovo Thinkcentre M90a | ||
| Lenovo Thinkcentre M820z All-in-one Firmware | <m1nkt62a | |
| Lenovo Thinkcentre M820z All-in-one | ||
| Lenovo Thinkcentre M80t Firmware | <m2tkt55a | |
| Lenovo Thinkcentre M80t | ||
| Lenovo Thinkcentre M80s Firmware | <m2tkt55a | |
| Lenovo Thinkcentre M80s | ||
| Lenovo Thinkcentre M80q Firmware | <m2wkt5aa | |
| Lenovo Thinkcentre M80q | ||
| Lenovo Thinkcentre M75t Gen 2 Firmware | ||
| Lenovo Thinkcentre M75t Gen 2 | ||
| Lenovo Thinkcentre M75s Gen 2 Firmware | ||
| Lenovo Thinkcentre M75s Gen 2 | ||
| Lenovo Thinkcentre M75q Gen 2 Firmware | <m47kt30a | |
| Lenovo Thinkcentre M75q Gen 2 | ||
| Lenovo Thinkcentre M75n Firmware | <m33kt27a | |
| Lenovo Thinkcentre M75n | ||
| Lenovo Thinkcentre M720t Firmware | <m1ukt72a | |
| Lenovo Thinkcentre M720t | ||
| Lenovo Thinkcentre M720s Firmware | <m1ukt72a | |
| Lenovo Thinkcentre M720s | ||
| Lenovo Thinkcentre M720q Firmware | <m1ukt72a | |
| Lenovo Thinkcentre M720q | ||
| Lenovo Thinkcentre M70t Firmware | <m2tkt55a | |
| Lenovo Thinkcentre M70t | ||
| Lenovo Thinkcentre M70s Firmware | <m2tkt55a | |
| Lenovo Thinkcentre M70s | ||
| Lenovo Thinkcentre M70q Firmware | <m2wkt5aa | |
| Lenovo Thinkcentre M70q | ||
| Lenovo Thinkcentre M70c Firmware | <m2vkt21a | |
| Lenovo Thinkcentre M70c | ||
| Lenovo V50t-13iob G2 Firmware | <m3gkt3da | |
| Lenovo V50t-13iob G2 | ||
| Lenovo V55t Gen 2 13acn Firmware | <o5jkt23a | |
| Lenovo V55t Gen 2 13acn | ||
| Lenovo V50t-13imh Firmware | <m4pkt13a | |
| Lenovo V50t-13imh | ||
| Lenovo V50t-13imb Firmware | <o4hkt3ca | |
| Lenovo V50t-13imb | ||
| Lenovo V50s-07imb Firmware | <m2vkt21a | |
| Lenovo V50s-07imb | ||
| Lenovo V50a-24imb Firmware | <m36kt32a | |
| Lenovo V50a-24imb | ||
| Lenovo V50a-22imb Firmware | <m36kt32a | |
| Lenovo V50a-22imb | ||
| Lenovo V30a-24iml Firmware | <m37kt31a | |
| Lenovo V30a-24iml | ||
| Lenovo V30a-22iml Firmware | <m37kt31a | |
| Lenovo V30a-22iml | ||
| Lenovo Thinkedge Se30 Firmware | <m3fkt2da | |
| Lenovo Thinkedge Se30 | ||
| Lenovo Thinkstation P920 Workstation Firmware | ||
| Lenovo Thinkstation P920 Workstation | ||
| Lenovo Thinkstation P720 Workstation Firmware | ||
| Lenovo Thinkstation P720 Workstation | ||
| Lenovo Thinkstation P520c Workstation Firmware | ||
| Lenovo Thinkstation P520c Workstation | ||
| Lenovo Thinkstation P520 Workstation Firmware | ||
| Lenovo Thinkstation P520 Workstation | ||
| Lenovo Thinkstation P360 Workstation Firmware | ||
| Lenovo Thinkstation P360 Workstation | ||
| Lenovo Thinkstation P360 Workstation Firmware | <s0ekt45a | |
| Lenovo Thinkstation P350 Workstation Firmware | ||
| Lenovo Thinkstation P350 Workstation | ||
| Lenovo Thinkstation P348 Workstation Firmware | <m3kkt3ba | |
| Lenovo Thinkstation P348 Workstation | ||
| Lenovo Thinkstation P340 Workstation Firmware | <s08kt55a | |
| Lenovo Thinkstation P340 Workstation | ||
| Lenovo Thinkstation P340 Tiny Workstation Firmware | <m2wkt5aa | |
| Lenovo Thinkstation P340 Tiny Workstation | ||
| Lenovo Thinkstation P330 Workstation 2nd Gen Firmware | <m1vkt72a | |
| Lenovo Thinkstation P330 Workstation 2nd Gen | ||
| Lenovo Thinkstation P330 Workstation Firmware | <m1vkt72a | |
| Lenovo Thinkstation P330 Workstation | ||
| Lenovo Thinkstation P330 Tiny Workstation Firmware | <m1ukt72a | |
| Lenovo Thinkstation P330 Tiny Workstation | ||
| Lenovo Thinkstation P320 Workstation Firmware | <s06kt64a | |
| Lenovo Thinkstation P320 Workstation |
Remedy
Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-45079?
CVE-2023-45079 is a memory leakage vulnerability in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
Is Lenovo Ideacentre C5-14imb05 affected by CVE-2023-45079?
Yes, Lenovo Ideacentre C5-14imb05 with firmware version up to o4hkt3ca is affected by CVE-2023-45079.
How severe is CVE-2023-45079?
CVE-2023-45079 has a severity keyword of medium and a severity value of 6.7.
How can I fix CVE-2023-45079?
To mitigate CVE-2023-45079, it is recommended to apply the security patches provided by Lenovo. Refer to the vendor's security advisory for specific instructions.
- collector/nvd-api
- agent/type
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/tags
- agent/first-publish-date
- agent/softwarecombine
- agent/description
- vendor/lenovo
- canonical/lenovo ideacentre c5-14imb05 firmware
- canonical/lenovo ideacentre c5-14imb05
- canonical/lenovo ideacentre 3-07ada05 firmware
- canonical/lenovo ideacentre 3-07ada05
- canonical/lenovo ideacentre 3-07imb05 firmware
- canonical/lenovo ideacentre 3-07imb05
- canonical/lenovo ideacentre g5-14imb05 firmware
- canonical/lenovo ideacentre g5-14imb05
- canonical/lenovo ideacentre 5-14iob6 firmware
- canonical/lenovo ideacentre 5-14iob6
- canonical/lenovo ideacentre creator 5-14iob6 firmware
- canonical/lenovo ideacentre creator 5-14iob6
- canonical/lenovo ideacentre g5-14amr05 firmware
- canonical/lenovo ideacentre g5-14amr05
- canonical/lenovo ideacentre gaming 5-14iob6 firmware
- canonical/lenovo ideacentre gaming 5-14iob6
- canonical/lenovo ideacentre mini 5 01iaq7 firmware
- canonical/lenovo ideacentre mini 5 01iaq7
- canonical/lenovo ideacentre mini 5-01imh05 firmware
- canonical/lenovo ideacentre mini 5-01imh05
- canonical/lenovo legion t7-34imz5 firmware
- canonical/lenovo legion t7-34imz5
- canonical/lenovo thinkcentre m625q firmware
- canonical/lenovo thinkcentre m625q
- canonical/lenovo thinkcentre m630e firmware
- canonical/lenovo thinkcentre m630e
- canonical/lenovo thinkcentre m70a firmware
- canonical/lenovo thinkcentre m70a
- canonical/lenovo thinkcentre m920z all-in-one firmware
- canonical/lenovo thinkcentre m920z all-in-one
- canonical/lenovo thinkcentre m920x firmware
- canonical/lenovo thinkcentre m920x
- canonical/lenovo thinkcentre m920t firmware
- canonical/lenovo thinkcentre m920t
- canonical/lenovo thinkcentre m920s firmware
- canonical/lenovo thinkcentre m920s
- canonical/lenovo thinkcentre m920q firmware
- canonical/lenovo thinkcentre m920q
- canonical/lenovo thinkcentre m90t firmware
- canonical/lenovo thinkcentre m90t
- canonical/lenovo thinkcentre m90s firmware
- canonical/lenovo thinkcentre m90s
- canonical/lenovo thinkcentre m90q tiny firmware
- canonical/lenovo thinkcentre m90q tiny
- canonical/lenovo thinkcentre m90a firmware
- canonical/lenovo thinkcentre m90a
- canonical/lenovo thinkcentre m820z all-in-one firmware
- canonical/lenovo thinkcentre m820z all-in-one
- canonical/lenovo thinkcentre m80t firmware
- canonical/lenovo thinkcentre m80t
- canonical/lenovo thinkcentre m80s firmware
- canonical/lenovo thinkcentre m80s
- canonical/lenovo thinkcentre m80q firmware
- canonical/lenovo thinkcentre m80q
- canonical/lenovo thinkcentre m75t gen 2 firmware
- canonical/lenovo thinkcentre m75t gen 2
- canonical/lenovo thinkcentre m75s gen 2 firmware
- canonical/lenovo thinkcentre m75s gen 2
- canonical/lenovo thinkcentre m75q gen 2 firmware
- canonical/lenovo thinkcentre m75q gen 2
- canonical/lenovo thinkcentre m75n firmware
- canonical/lenovo thinkcentre m75n
- canonical/lenovo thinkcentre m720t firmware
- canonical/lenovo thinkcentre m720t
- canonical/lenovo thinkcentre m720s firmware
- canonical/lenovo thinkcentre m720s
- canonical/lenovo thinkcentre m720q firmware
- canonical/lenovo thinkcentre m720q
- canonical/lenovo thinkcentre m70t firmware
- canonical/lenovo thinkcentre m70t
- canonical/lenovo thinkcentre m70s firmware
- canonical/lenovo thinkcentre m70s
- canonical/lenovo thinkcentre m70q firmware
- canonical/lenovo thinkcentre m70q
- canonical/lenovo thinkcentre m70c firmware
- canonical/lenovo thinkcentre m70c
- canonical/lenovo v50t-13iob g2 firmware
- canonical/lenovo v50t-13iob g2
- canonical/lenovo v55t gen 2 13acn firmware
- canonical/lenovo v55t gen 2 13acn
- canonical/lenovo v50t-13imh firmware
- canonical/lenovo v50t-13imh
- canonical/lenovo v50t-13imb firmware
- canonical/lenovo v50t-13imb
- canonical/lenovo v50s-07imb firmware
- canonical/lenovo v50s-07imb
- canonical/lenovo v50a-24imb firmware
- canonical/lenovo v50a-24imb
- canonical/lenovo v50a-22imb firmware
- canonical/lenovo v50a-22imb
- canonical/lenovo v30a-24iml firmware
- canonical/lenovo v30a-24iml
- canonical/lenovo v30a-22iml firmware
- canonical/lenovo v30a-22iml
- canonical/lenovo thinkedge se30 firmware
- canonical/lenovo thinkedge se30
- canonical/lenovo thinkstation p920 workstation firmware
- canonical/lenovo thinkstation p920 workstation
- canonical/lenovo thinkstation p720 workstation firmware
- canonical/lenovo thinkstation p720 workstation
- canonical/lenovo thinkstation p520c workstation firmware
- canonical/lenovo thinkstation p520c workstation
- canonical/lenovo thinkstation p520 workstation firmware
- canonical/lenovo thinkstation p520 workstation
- canonical/lenovo thinkstation p360 workstation firmware
- canonical/lenovo thinkstation p360 workstation
- canonical/lenovo thinkstation p350 workstation firmware
- canonical/lenovo thinkstation p350 workstation
- canonical/lenovo thinkstation p348 workstation firmware
- canonical/lenovo thinkstation p348 workstation
- canonical/lenovo thinkstation p340 workstation firmware
- canonical/lenovo thinkstation p340 workstation
- canonical/lenovo thinkstation p340 tiny workstation firmware
- canonical/lenovo thinkstation p340 tiny workstation
- canonical/lenovo thinkstation p330 workstation 2nd gen firmware
- canonical/lenovo thinkstation p330 workstation 2nd gen
- canonical/lenovo thinkstation p330 workstation firmware
- canonical/lenovo thinkstation p330 workstation
- canonical/lenovo thinkstation p330 tiny workstation firmware
- canonical/lenovo thinkstation p330 tiny workstation
- canonical/lenovo thinkstation p320 workstation firmware
- canonical/lenovo thinkstation p320 workstation