CWE
125
Advisory Published
Updated

CVE-2023-45079

First published: Wed Nov 08 2023(Updated: )

A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
Lenovo Ideacentre C5-14imb05 Firmware<o4hkt3ca
Lenovo Ideacentre C5-14imb05
Lenovo Ideacentre 3-07ada05 Firmware<o4fkt39a
Lenovo Ideacentre 3-07ada05
Lenovo Ideacentre 3-07imb05 Firmware<m2vkt21a
Lenovo Ideacentre 3-07imb05
Lenovo Ideacentre G5-14imb05 Firmware<o4hkt3ca
Lenovo Ideacentre G5-14imb05
Lenovo Ideacentre 5-14iob6 Firmware<m3gkt3da
Lenovo Ideacentre 5-14iob6
Lenovo Ideacentre Creator 5-14iob6 Firmware<m3gkt3da
Lenovo Ideacentre Creator 5-14iob6
Lenovo Ideacentre G5-14amr05 Firmware<o4zkt2ba
Lenovo Ideacentre G5-14amr05
Lenovo Ideacentre Gaming 5-14iob6 Firmware<m3gkt3da
Lenovo Ideacentre Gaming 5-14iob6
Lenovo Ideacentre Mini 5 01iaq7 Firmware<o53kt10a
Lenovo Ideacentre Mini 5 01iaq7
Lenovo Ideacentre Mini 5-01imh05 Firmware<o4ekt1ba
Lenovo Ideacentre Mini 5-01imh05
Lenovo Legion T7-34imz5 Firmware<o5fkt17a
Lenovo Legion T7-34imz5
Lenovo Thinkcentre M625q Firmware<m1wkt52a
Lenovo Thinkcentre M625q
Lenovo Thinkcentre M630e Firmware
Lenovo Thinkcentre M630e
Lenovo Thinkcentre M70a Firmware<m2skt29a
Lenovo Thinkcentre M70a
Lenovo Thinkcentre M920z All-in-one Firmware<m1mkt56a
Lenovo Thinkcentre M920z All-in-one
Lenovo Thinkcentre M920x Firmware<m1ukt72a
Lenovo Thinkcentre M920x
Lenovo Thinkcentre M920t Firmware<m1ukt72a
Lenovo Thinkcentre M920t
Lenovo Thinkcentre M920s Firmware<m1ukt72a
Lenovo Thinkcentre M920s
Lenovo Thinkcentre M920q Firmware<m1ukt72a
Lenovo Thinkcentre M920q
Lenovo Thinkcentre M90t Firmware<m2tkt55a
Lenovo Thinkcentre M90t
Lenovo Thinkcentre M90s Firmware<m2tkt55a
Lenovo Thinkcentre M90s
Lenovo Thinkcentre M90q Tiny Firmware<m2wkt5aa
Lenovo Thinkcentre M90q Tiny
Lenovo Thinkcentre M90a Firmware<m2rkt57a
Lenovo Thinkcentre M90a
Lenovo Thinkcentre M820z All-in-one Firmware<m1nkt62a
Lenovo Thinkcentre M820z All-in-one
Lenovo Thinkcentre M80t Firmware<m2tkt55a
Lenovo Thinkcentre M80t
Lenovo Thinkcentre M80s Firmware<m2tkt55a
Lenovo Thinkcentre M80s
Lenovo Thinkcentre M80q Firmware<m2wkt5aa
Lenovo Thinkcentre M80q
Lenovo Thinkcentre M75t Gen 2 Firmware
Lenovo Thinkcentre M75t Gen 2
Lenovo Thinkcentre M75s Gen 2 Firmware
Lenovo Thinkcentre M75s Gen 2
Lenovo Thinkcentre M75q Gen 2 Firmware<m47kt30a
Lenovo Thinkcentre M75q Gen 2
Lenovo Thinkcentre M75n Firmware<m33kt27a
Lenovo Thinkcentre M75n
Lenovo Thinkcentre M720t Firmware<m1ukt72a
Lenovo Thinkcentre M720t
Lenovo Thinkcentre M720s Firmware<m1ukt72a
Lenovo Thinkcentre M720s
Lenovo Thinkcentre M720q Firmware<m1ukt72a
Lenovo Thinkcentre M720q
Lenovo Thinkcentre M70t Firmware<m2tkt55a
Lenovo Thinkcentre M70t
Lenovo Thinkcentre M70s Firmware<m2tkt55a
Lenovo Thinkcentre M70s
Lenovo Thinkcentre M70q Firmware<m2wkt5aa
Lenovo Thinkcentre M70q
Lenovo Thinkcentre M70c Firmware<m2vkt21a
Lenovo Thinkcentre M70c
Lenovo V50t-13iob G2 Firmware<m3gkt3da
Lenovo V50t-13iob G2
Lenovo V55t Gen 2 13acn Firmware<o5jkt23a
Lenovo V55t Gen 2 13acn
Lenovo V50t-13imh Firmware<m4pkt13a
Lenovo V50t-13imh
Lenovo V50t-13imb Firmware<o4hkt3ca
Lenovo V50t-13imb
Lenovo V50s-07imb Firmware<m2vkt21a
Lenovo V50s-07imb
Lenovo V50a-24imb Firmware<m36kt32a
Lenovo V50a-24imb
Lenovo V50a-22imb Firmware<m36kt32a
Lenovo V50a-22imb
Lenovo V30a-24iml Firmware<m37kt31a
Lenovo V30a-24iml
Lenovo V30a-22iml Firmware<m37kt31a
Lenovo V30a-22iml
Lenovo Thinkedge Se30 Firmware<m3fkt2da
Lenovo Thinkedge Se30
Lenovo Thinkstation P920 Workstation Firmware
Lenovo Thinkstation P920 Workstation
Lenovo Thinkstation P720 Workstation Firmware
Lenovo Thinkstation P720 Workstation
Lenovo Thinkstation P520c Workstation Firmware
Lenovo Thinkstation P520c Workstation
Lenovo Thinkstation P520 Workstation Firmware
Lenovo Thinkstation P520 Workstation
Lenovo Thinkstation P360 Workstation Firmware
Lenovo Thinkstation P360 Workstation
Lenovo Thinkstation P360 Workstation Firmware<s0ekt45a
Lenovo Thinkstation P350 Workstation Firmware
Lenovo Thinkstation P350 Workstation
Lenovo Thinkstation P348 Workstation Firmware<m3kkt3ba
Lenovo Thinkstation P348 Workstation
Lenovo Thinkstation P340 Workstation Firmware<s08kt55a
Lenovo Thinkstation P340 Workstation
Lenovo Thinkstation P340 Tiny Workstation Firmware<m2wkt5aa
Lenovo Thinkstation P340 Tiny Workstation
Lenovo Thinkstation P330 Workstation 2nd Gen Firmware<m1vkt72a
Lenovo Thinkstation P330 Workstation 2nd Gen
Lenovo Thinkstation P330 Workstation Firmware<m1vkt72a
Lenovo Thinkstation P330 Workstation
Lenovo Thinkstation P330 Tiny Workstation Firmware<m1ukt72a
Lenovo Thinkstation P330 Tiny Workstation
Lenovo Thinkstation P320 Workstation Firmware<s06kt64a
Lenovo Thinkstation P320 Workstation

Remedy

Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2023-45079?

    CVE-2023-45079 is a memory leakage vulnerability in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

  • Is Lenovo Ideacentre C5-14imb05 affected by CVE-2023-45079?

    Yes, Lenovo Ideacentre C5-14imb05 with firmware version up to o4hkt3ca is affected by CVE-2023-45079.

  • How severe is CVE-2023-45079?

    CVE-2023-45079 has a severity keyword of medium and a severity value of 6.7.

  • How can I fix CVE-2023-45079?

    To mitigate CVE-2023-45079, it is recommended to apply the security patches provided by Lenovo. Refer to the vendor's security advisory for specific instructions.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203