lenovo yoga 9-15imh5 firmware经典缓冲区溢出漏洞(CVE-2023-4028)
CVE编号
CVE-2023-4028利用情况
暂无补丁情况
N/A披露时间
2023-08-18漏洞描述
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.解决建议
"将组件 ideapad_1-14ada05_firmware 升级至 fqcn29ww 及以上版本""将组件 ideapad_1-14igl05_firmware 升级至 dwcn28ww 及以上版本""将组件 flex_5-14are05_firmware 升级至 eecn43ww 及以上版本""将组件 ideapad_flex_5_14abr8_firmware 升级至 l7cn17ww 及以上版本""将组件 ideapad_flex_5_14iau7_firmware 升级至 j7cn44ww 及以上版本""将组件 ideapad_flex_5_14iru8_firmware 升级至 l6cn20ww 及以上版本""将组件 thinkbook_13s_g4_iap_firmware 升级至 hwcn49ww 及以上版本""将组件 thinkbook_13x_g2_iap_firmware 升级至 hxcn54ww 及以上版本""将组件 13w_yoga_firmware 升级至 jacn38ww 及以上版本""将组件 13w_yoga_gen_2_firmware 升级至 kbcn20ww 及以上版本""将组件 flex_7_14iru8_firmware 升级至 l6cn20ww 及以上版本""将组件 thinkbook_13s_g2_are_firmware 升级至 fvcn28ww 及以上版本""将组件 thinkbook_13s_g2_itl_firmware 升级至 f9cn57ww 及以上版本""将组件 flex_5-14iil05_firmware 升级至 eccn45ww 及以上版本""将组件 flex_5-15alc05_firmware 升级至 gjcn32ww 及以上版本""将组件 ideapad_flex_5_16abr8_firmware 升级至 l7cn17ww 及以上版本""将组件 ideapad_flex_5_16iru8_firmware 升级至 l6cn20ww 及以上版本""将组件 thinkbook_13s_g3_acn_firmware 升级至 gmcn35ww 及以上版本""将组件 ideapad_1-11igl05_firmware 升级至 dwcn28ww 及以上版本""将组件 flex_5-15iil05_firmware 升级至 eccn45ww 及以上版本""将组件 ideapad_flex_5_14alc7_firmware 升级至 jccn35ww 及以上版本""将组件 ideapad_1-11ada05_firmware 升级至 fqcn29ww 及以上版本""将组件 ideapad_flex_5_16alc7_firmware 升级至 jccn35ww 及以上版本""将组件 ideapad_flex_5_16iau7_firmware 升级至 j7cn44ww 及以上版本""将组件 flex_5-15itl05_firmware 升级至 fxcn44ww 及以上版本""将组件 flex_5-14alc05_firmware 升级至 gjcn32ww 及以上版本""将组件 flex_5-14itl05_firmware 升级至 fxcn44ww 及以上版本""将组件 thinkbook_14s_g2_itl_firmware 升级至 f9cn57ww 及以上版本""将组件 yoga_9-15imh5_firmware 升级至 epcn32ww 及以上版本"
参考链接 |
|
|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-134879 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | lenovo | 13w_yoga_firmware | * | Up to (excluding) jacn38ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | 13w_yoga_gen_2_firmware | * | Up to (excluding) kbcn20ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | flex_5-14alc05_firmware | * | Up to (excluding) gjcn32ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | flex_5-14are05_firmware | * | Up to (excluding) eecn43ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | flex_5-14iil05_firmware | * | Up to (excluding) eccn45ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | flex_5-14itl05_firmware | * | Up to (excluding) fxcn44ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | flex_5-15alc05_firmware | * | Up to (excluding) gjcn32ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | flex_5-15iil05_firmware | * | Up to (excluding) eccn45ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | flex_5-15itl05_firmware | * | Up to (excluding) fxcn44ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | flex_7_14iru8_firmware | * | Up to (excluding) l6cn20ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | ideapad_1-11ada05_firmware | * | Up to (excluding) fqcn29ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | ideapad_1-11igl05_firmware | * | Up to (excluding) dwcn28ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | ideapad_1-14ada05_firmware | * | Up to (excluding) fqcn29ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | ideapad_1-14igl05_firmware | * | Up to (excluding) dwcn28ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | ideapad_flex_5_14abr8_firmware | * | Up to (excluding) l7cn17ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | ideapad_flex_5_14alc7_firmware | * | Up to (excluding) jccn35ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | ideapad_flex_5_14iau7_firmware | * | Up to (excluding) j7cn44ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | ideapad_flex_5_14iru8_firmware | * | Up to (excluding) l6cn20ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | ideapad_flex_5_16abr8_firmware | * | Up to (excluding) l7cn17ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | ideapad_flex_5_16alc7_firmware | * | Up to (excluding) jccn35ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | ideapad_flex_5_16iau7_firmware | * | Up to (excluding) j7cn44ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | ideapad_flex_5_16iru8_firmware | * | Up to (excluding) l6cn20ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | thinkbook_13s_g2_are_firmware | * | Up to (excluding) fvcn28ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | thinkbook_13s_g2_itl_firmware | * | Up to (excluding) f9cn57ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | thinkbook_13s_g3_acn_firmware | * | Up to (excluding) gmcn35ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | thinkbook_13s_g4_iap_firmware | * | Up to (excluding) hwcn49ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | thinkbook_13x_g2_iap_firmware | * | Up to (excluding) hxcn54ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | thinkbook_14s_g2_itl_firmware | * | Up to (excluding) f9cn57ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | lenovo | yoga_9-15imh5_firmware | * | Up to (excluding) epcn32ww | |||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP5 | kernel | * | Up to (excluding) 4.12.14-122.176.1 | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | 13w_yoga | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | 13w_yoga_gen_2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | flex_5-14alc05 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | flex_5-14are05 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | flex_5-14iil05 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | flex_5-14itl05 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | flex_5-15alc05 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | flex_5-15iil05 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | flex_5-15itl05 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | flex_7_14iru8 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | ideapad_1-11ada05 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | ideapad_1-11igl05 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | ideapad_1-14ada05 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | ideapad_1-14igl05 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | ideapad_flex_5_14abr8 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | ideapad_flex_5_14alc7 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | ideapad_flex_5_14iau7 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | ideapad_flex_5_14iru8 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | ideapad_flex_5_16abr8 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | ideapad_flex_5_16alc7 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | ideapad_flex_5_16iau7 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | ideapad_flex_5_16iru8 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | thinkbook_13s_g2_are | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | thinkbook_13s_g2_itl | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | thinkbook_13s_g3_acn | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | thinkbook_13s_g4_iap | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | thinkbook_13x_g2_iap | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | thinkbook_14s_g2_itl | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lenovo | yoga_9-15imh5 | - | - | |||||
- 攻击路径 本地
- 攻击复杂度 低
- 权限要求 高
- 影响范围 未更改
- 用户交互 无
- 可用性 高
- 保密性 高
- 完整性 高
| CWE-ID | 漏洞类型 |
| CWE-120 | 未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出) |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论