CVE-2023-4029

Summary

A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
LenovoThinkPadvariousaffected

Weaknesses

  • CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References