CVE-2023-45079

A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

Published: Nov 9, 2023
Updated: Nov 17, 2023
CVE: CVE-2023-45079
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
lenovo / ideacentre_c5-14imb05_firmware	-	o4hkt3ca
lenovo / ideacentre_3-07ada05_firmware	-	o4fkt39a
lenovo / ideacentre_3-07imb05_firmware	-	m2vkt21a
lenovo / ideacentre_g5-14imb05_firmware	-	o4hkt3ca
lenovo / ideacentre_5-14iob6_firmware	-	m3gkt3da
lenovo / ideacentre_creator_5-14iob6_firmware	-	m3gkt3da
lenovo / ideacentre_g5-14amr05_firmware	-	o4zkt2ba
lenovo / ideacentre_gaming_5-14iob6_firmware	-	m3gkt3da
lenovo / ideacentre_mini_5_01iaq7_firmware	-	o53kt10a
lenovo / ideacentre_mini_5-01imh05_firmware	-	o4ekt1ba
lenovo / legion_t7-34imz5_firmware	-	o5fkt17a
lenovo / thinkcentre_m625q_firmware	-	m1wkt52a
lenovo / thinkcentre_m70a_firmware	-	m2skt29a
lenovo / thinkcentre_m920z_all-in-one_firmware	-	m1mkt56a
lenovo / thinkcentre_m920x_firmware	-	m1ukt72a
lenovo / thinkcentre_m920t_firmware	-	m1ukt72a
lenovo / thinkcentre_m920s_firmware	-	m1ukt72a
lenovo / thinkcentre_m920q_firmware	-	m1ukt72a
lenovo / thinkcentre_m90t_firmware	-	m2tkt55a
lenovo / thinkcentre_m90s_firmware	-	m2tkt55a
lenovo / thinkcentre_m90q_tiny_firmware	-	m2wkt5aa
lenovo / thinkcentre_m90a_firmware	-	m2rkt57a
lenovo / thinkcentre_m820z_all-in-one_firmware	-	m1nkt62a
lenovo / thinkcentre_m80t_firmware	-	m2tkt55a
lenovo / thinkcentre_m80s_firmware	-	m2tkt55a
lenovo / thinkcentre_m80q_firmware	-	m2wkt5aa
lenovo / thinkcentre_m75q_gen_2_firmware	-	m47kt30a
lenovo / thinkcentre_m75n_firmware	-	m33kt27a
lenovo / thinkcentre_m720t_firmware	-	m1ukt72a
lenovo / thinkcentre_m720s_firmware	-	m1ukt72a
lenovo / thinkcentre_m720q_firmware	-	m1ukt72a
lenovo / thinkcentre_m70t_firmware	-	m2tkt55a
lenovo / thinkcentre_m70s_firmware	-	m2tkt55a
lenovo / thinkcentre_m70q_firmware	-	m2wkt5aa
lenovo / thinkcentre_m70c_firmware	-	m2vkt21a
lenovo / v50t-13iob_g2_firmware	-	m3gkt3da
lenovo / v55t_gen_2_13acn_firmware	-	o5jkt23a
lenovo / v50t-13imh_firmware	-	m4pkt13a
lenovo / v50t-13imb_firmware	-	o4hkt3ca
lenovo / v50s-07imb_firmware	-	m2vkt21a
lenovo / v50a-24imb_firmware	-	m36kt32a
lenovo / v50a-22imb_firmware	-	m36kt32a
lenovo / v30a-24iml_firmware	-	m37kt31a
lenovo / v30a-22iml_firmware	-	m37kt31a
lenovo / thinkedge_se30_firmware	-	m3fkt2da
lenovo / thinkstation_p360_workstation_firmware	-	s0ekt45a
lenovo / thinkstation_p348_workstation_firmware	-	m3kkt3ba
lenovo / thinkstation_p340_workstation_firmware	-	s08kt55a
lenovo / thinkstation_p340_tiny_workstation_firmware	-	m2wkt5aa
lenovo / thinkstation_p330_workstation_2nd_gen_firmware	-	m1vkt72a
lenovo / thinkstation_p330_workstation_firmware	-	m1vkt72a
lenovo / thinkstation_p330_tiny_workstation_firmware	-	m1ukt72a
lenovo / thinkstation_p320_workstation_firmware	-	s06kt64a

https://support.lenovo.com/us/en/product_security/LEN-141775

Vulnerability Database

289,697

CVE-2023-45079