Lucene search

[email protected]CVE-2023-45079

HistoryNov 08, 2023 - 11:15 p.m.

CVE-2023-45079

2023-11-0823:15:11

CWE-125

[email protected]

web.nvd.nist.gov

nvmramsmm

smm driver

memory leakage

cve-2023-45079

nvram variables

security vulnerability

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

Affected configurations

NVD

Node

lenovoideacentre_c5-14imb05_firmwareRange<o4hkt3ca

AND

lenovoideacentre_c5-14imb05Match-

Node

lenovoideacentre_3-07ada05_firmwareRange<o4fkt39a

AND

lenovoideacentre_3-07ada05Match-

Node

lenovoideacentre_3-07imb05_firmwareRange<m2vkt21a

AND

lenovoideacentre_3-07imb05Match-

Node

lenovoideacentre_g5-14imb05_firmwareRange<o4hkt3ca

AND

lenovoideacentre_g5-14imb05Match-

Node

lenovoideacentre_5-14iob6_firmwareRange<m3gkt3da

AND

lenovoideacentre_5-14iob6Match-

Node

lenovoideacentre_creator_5-14iob6_firmwareRange<m3gkt3da

AND

lenovoideacentre_creator_5-14iob6Match-

Node

lenovoideacentre_g5-14amr05_firmwareRange<o4zkt2ba

AND

lenovoideacentre_g5-14amr05Match-

Node

lenovoideacentre_g5-14imb05_firmwareRange<o4hkt3ca

AND

lenovoideacentre_g5-14imb05Match-

Node

lenovoideacentre_gaming_5-14iob6_firmwareRange<m3gkt3da

AND

lenovoideacentre_gaming_5-14iob6Match-

Node

lenovoideacentre_mini_5_01iaq7_firmwareRange<o53kt10a

AND

lenovoideacentre_mini_5_01iaq7Match-

Node

lenovoideacentre_mini_5-01imh05_firmwareRange<o4ekt1ba

AND

lenovoideacentre_mini_5-01imh05Match-

Node

lenovolegion_t7-34imz5_firmwareRange<o5fkt17a

AND

lenovolegion_t7-34imz5Match-

Node

lenovothinkcentre_m625q_firmwareRange<m1wkt52a

AND

lenovothinkcentre_m625qMatch-

Node

lenovothinkcentre_m630e_firmwareMatch-

AND

lenovothinkcentre_m630eMatch-

Node

lenovothinkcentre_m70a_firmwareRange<m2skt29a

AND

lenovothinkcentre_m70aMatch-

Node

lenovothinkcentre_m920z_all-in-one_firmwareRange<m1mkt56a

AND

lenovothinkcentre_m920z_all-in-oneMatch-

Node

lenovothinkcentre_m920x_firmwareRange<m1ukt72a

AND

lenovothinkcentre_m920xMatch-

Node

lenovothinkcentre_m920t_firmwareRange<m1ukt72a

AND

lenovothinkcentre_m920tMatch-

Node

lenovothinkcentre_m920s_firmwareRange<m1ukt72a

AND

lenovothinkcentre_m920sMatch-

Node

lenovothinkcentre_m920q_firmwareRange<m1ukt72a

AND

lenovothinkcentre_m920qMatch-

Node

lenovothinkcentre_m90t_firmwareRange<m2tkt55a

AND

lenovothinkcentre_m90tMatch-

Node

lenovothinkcentre_m90s_firmwareRange<m2tkt55a

AND

lenovothinkcentre_m90sMatch-

Node

lenovothinkcentre_m90q_tiny_firmwareRange<m2wkt5aa

AND

lenovothinkcentre_m90q_tinyMatch-

Node

lenovothinkcentre_m90a_firmwareRange<m2rkt57a

AND

lenovothinkcentre_m90aMatch-

Node

lenovothinkcentre_m820z_all-in-one_firmwareRange<m1nkt62a

AND

lenovothinkcentre_m820z_all-in-oneMatch-

Node

lenovothinkcentre_m80t_firmwareRange<m2tkt55a

AND

lenovothinkcentre_m80tMatch-

Node

lenovothinkcentre_m80s_firmwareRange<m2tkt55a

AND

lenovothinkcentre_m80sMatch-

Node

lenovothinkcentre_m80q_firmwareRange<m2wkt5aa

AND

lenovothinkcentre_m80qMatch-

Node

lenovothinkcentre_m75t_gen_2_firmwareMatch-

AND

lenovothinkcentre_m75t_gen_2Match-

Node

lenovothinkcentre_m75s_gen_2_firmwareMatch-

AND

lenovothinkcentre_m75s_gen_2Match-

Node

lenovothinkcentre_m75q_gen_2_firmwareRange<m47kt30a

AND

lenovothinkcentre_m75q_gen_2Match-

Node

lenovothinkcentre_m75n_firmwareRange<m33kt27a

AND

lenovothinkcentre_m75nMatch-

Node

lenovothinkcentre_m720t_firmwareRange<m1ukt72a

AND

lenovothinkcentre_m720tMatch-

Node

lenovothinkcentre_m720s_firmwareRange<m1ukt72a

AND

lenovothinkcentre_m720sMatch-

Node

lenovothinkcentre_m720q_firmwareRange<m1ukt72a

AND

lenovothinkcentre_m720qMatch-

Node

lenovothinkcentre_m70t_firmwareRange<m2tkt55a

AND

lenovothinkcentre_m70tMatch-

Node

lenovothinkcentre_m70s_firmwareRange<m2tkt55a

AND

lenovothinkcentre_m70sMatch-

Node

lenovothinkcentre_m70q_firmwareRange<m2wkt5aa

AND

lenovothinkcentre_m70qMatch-

Node

lenovothinkcentre_m70c_firmwareRange<m2vkt21a

AND

lenovothinkcentre_m70cMatch-

Node

lenovov50t-13iob_g2_firmwareRange<m3gkt3da

AND

lenovov50t-13iob_g2Match-

Node

lenovov55t_gen_2_13acn_firmwareRange<o5jkt23a

AND

lenovov55t_gen_2_13acnMatch-

Node

lenovov50t-13imh_firmwareRange<m4pkt13a

AND

lenovov50t-13imhMatch-

Node

lenovov50t-13imb_firmwareRange<o4hkt3ca

AND

lenovov50t-13imbMatch-

Node

lenovov50s-07imb_firmwareRange<m2vkt21a

AND

lenovov50s-07imbMatch-

Node

lenovov50a-24imb_firmwareRange<m36kt32a

AND

lenovov50a-24imbMatch-

Node

lenovov50a-22imb_firmwareRange<m36kt32a

AND

lenovov50a-22imbMatch-

Node

lenovov30a-24iml_firmwareRange<m37kt31a

AND

lenovov30a-24imlMatch-

Node

lenovov30a-22iml_firmwareRange<m37kt31a

AND

lenovov30a-22imlMatch-

Node

lenovothinkcentre_m70c_firmwareRange<m2vkt21a

AND

lenovothinkcentre_m70cMatch-

Node

lenovothinkedge_se30_firmwareRange<m3fkt2da

AND

lenovothinkedge_se30Match-

Node

lenovothinkstation_p920_workstation_firmwareMatch-

AND

lenovothinkstation_p920_workstationMatch-

Node

lenovothinkstation_p720_workstation_firmwareMatch-

AND

lenovothinkstation_p720_workstationMatch-

Node

lenovothinkstation_p520c_workstation_firmwareMatch-

AND

lenovothinkstation_p520c_workstationMatch-

Node

lenovothinkstation_p520_workstation_firmwareMatch-

AND

lenovothinkstation_p520_workstationMatch-

Node

lenovothinkstation_p360_workstation_firmwareMatch-

AND

lenovothinkstation_p360_workstationMatch-

Node

lenovothinkstation_p360_workstation_firmwareRange<s0ekt45a

AND

lenovothinkstation_p360_workstationMatch-

Node

lenovothinkstation_p350_workstation_firmwareMatch-

AND

lenovothinkstation_p350_workstationMatch-

Node

lenovothinkstation_p348_workstation_firmwareRange<m3kkt3ba

AND

lenovothinkstation_p348_workstationMatch-

Node

lenovothinkstation_p340_workstation_firmwareRange<s08kt55a

AND

lenovothinkstation_p340_workstationMatch-

Node

lenovothinkstation_p340_tiny_workstation_firmwareRange<m2wkt5aa

AND

lenovothinkstation_p340_tiny_workstationMatch-

Node

lenovothinkstation_p330_workstation_2nd_gen_firmwareRange<m1vkt72a

AND

lenovothinkstation_p330_workstation_2nd_genMatch-

Node

lenovothinkstation_p330_workstation_firmwareRange<m1vkt72a

AND

lenovothinkstation_p330_workstationMatch-

Node

lenovothinkstation_p330_tiny_workstation_firmwareRange<m1ukt72a

AND

lenovothinkstation_p330_tiny_workstationMatch-

Node

lenovothinkstation_p320_workstation_firmwareRange<s06kt64a

AND

lenovothinkstation_p320_workstationMatch-

CPENameOperatorVersion
lenovo:ideacentre_c5-14imb05_firmwarelenovo ideacentre c5-14imb05 firmwarelto4hkt3ca

CPE	Name	Operator	Version
lenovo:ideacentre_c5-14imb05_firmware	lenovo ideacentre c5-14imb05 firmware	lt	o4hkt3ca

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "BIOS",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-141775

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-45079

nvd1 prion1 cvelist1