medium
6.7
CWE
1419
Advisory Published
Updated

CVE-2023-5078

First published: Wed Nov 08 2023(Updated: )

A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
All of
Lenovo Thinkpad X13 Gen 3
Lenovo Thinkpad X13 Gen 3 Firmware
All of
Lenovo Thinkpad S2 Yoga Gen 7
Lenovo Thinkpad S2 Yoga Gen 7 Firmware<1.19
All of
Lenovo Thinkpad S2 Yoga Gen 6
Lenovo Thinkpad S2 Yoga Gen 6 Firmware
All of
Lenovo Thinkpad S2 Gen 8
Lenovo Thinkpad S2 Gen 8 Firmware
All of
Lenovo Thinkpad P14s Gen 3
Lenovo Thinkpad P14s Gen 3 Firmware
All of
Lenovo Thinkpad P16s Gen 1
Lenovo Thinkpad P16s Gen 1 Firmware
All of
Lenovo Thinkpad T14 Gen 3 Firmware
Lenovo Thinkpad T14 Gen 3
All of
Lenovo Thinkpad T14s Gen 3 Firmware
Lenovo Thinkpad T14s Gen 3
All of
Lenovo Thinkpad T16 Gen 1 Firmware
Lenovo Thinkpad T16 Gen 1
All of
Lenovo Thinkpad L14 Gen 3 Firmware<1.23
Lenovo Thinkpad L14 Gen 3
All of
Lenovo Thinkpad L14 Gen 4 Firmware<1.1
Lenovo Thinkpad L14 Gen 4
All of
Lenovo Thinkpad L15 Gen 3 Firmware<1.23
Lenovo Thinkpad L15 Gen 3
All of
Lenovo Thinkpad L15 Gen 4 Firmware<1.1
Lenovo Thinkpad L15 Gen 4
All of
Lenovo Thinkpad L13 Yoga Gen 4 Firmware
Lenovo Thinkpad L13 Yoga Gen 4
All of
Lenovo Thinkpad L13 Yoga Gen 3 Firmware<1.19
Lenovo Thinkpad L13 Yoga Gen 3
All of
Lenovo Thinkpad L13 Yoga Gen 2 Firmware
Lenovo Thinkpad L13 Yoga Gen 2
All of
Lenovo Thinkpad L13 Gen 4 Firmware
Lenovo Thinkpad L13 Gen 4
All of
Lenovo Thinkpad L13 Gen 3 Firmware<1.19
Lenovo Thinkpad L13 Gen 3
All of
Lenovo Thinkpad L13 Gen 2 Firmware
Lenovo Thinkpad L13 Gen 2
All of
Lenovo Thinkpad S2 Yoga Gen 8 Firmware
Lenovo Thinkpad S2 Yoga Gen 8

Remedy

Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID?

    The vulnerability ID is CVE-2023-5078.

  • What is the severity of CVE-2023-5078?

    The severity of CVE-2023-5078 is medium.

  • How does CVE-2023-5078 affect Lenovo Thinkpad X13 Gen 3?

    Lenovo Thinkpad X13 Gen 3 is affected by CVE-2023-5078.

  • How can a physical or local attacker with elevated privileges exploit CVE-2023-5078?

    A physical or local attacker with elevated privileges can exploit CVE-2023-5078 to tamper with BIOS firmware.

  • Where can I find more information about CVE-2023-5078?

    You can find more information about CVE-2023-5078 at the following link: [CVE-2023-5078](https://support.lenovo.com/us/en/product_security/LEN-141775)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203