CVE-2024-3100

Summary

A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
Lenovo100w Gen 3 Laptop (Lenovo) BIOS0 < GACN48WWaffected
Lenovo100w Gen 4 Laptop (Lenovo) BIOS0 < L2CN34WW/L3CN34WWaffected
Lenovo13w Yoga (Type 82S1, 82S2) Laptop (Lenovo) BIOS0 < JACN41WWaffected
Lenovo13w Yoga Gen 2 (Type 82YR, 82YS) Laptop (Lenovo) BIOS0 < KBCN29WWaffected
Lenovo14W Gen 2 Laptop (Lenovo) BIOS0 < H0CN29WWaffected
Lenovo300w Gen 3 Laptop (Lenovo) BIOS0 < GACN48WWaffected
Lenovo300w Yoga Gen 4 Laptop (Lenovo) BIOS0 < L2CN34WW/L3CN34WWaffected
Lenovo500w Yoga Gen 4 Laptop (Lenovo) BIOS0 < L2CN34WW/L3CN34WWaffected
LenovoFlex 5-14ITL05 Laptop (ideapad) BIOS0 < FXCN47WWaffected
LenovoFlex 5-15ITL05 Laptop (ideapad) BIOS0 < FXCN47WWaffected
LenovoIdeaPad 1 14ALC7 Laptop BIOS0 < JTCN54WWaffected
LenovoIdeaPad 1 15ALC7 Laptop BIOS0 < JTCN54WWaffected
LenovoIdeaPad 1-11IGL05 Laptop BIOS0 < DWCN31WWaffected
LenovoIdeaPad 1-14IGL05 Laptop BIOS0 < DWCN31WWaffected
LenovoIdeaPad 3 14ABA7 Laptop BIOS0 < JTCN54WWaffected
LenovoIdeaPad 3 15ABA7 Laptop BIOS0 < JTCN54WWaffected
LenovoIdeaPad 3 17ABA7 Laptop BIOS0 < JTCN54WWaffected
LenovoIdeaPad 3-14ALC6 Laptop BIOS0 <= GLCN63WWaffected
LenovoIdeaPad 3-15ALC6 Laptop BIOS0 <= GLCN63WWaffected
LenovoIdeaPad 3-17ALC6 Laptop BIOS0 <= GLCN63WWaffected
Lenovoideapad 5-15ALC05 Laptop BIOS0 < H2CN35WWaffected
LenovoIdeaPad Flex 5 14ABR8 BIOS0 < L7CN21WWaffected
LenovoIdeaPad Flex 5 14ALC7 Laptop BIOS0 < JCCN40WWaffected
LenovoIdeaPad Flex 5 14IAU7 Laptop BIOS0 < J7CN48WWaffected
LenovoIdeaPad Flex 5 14IRU8 BIOS0 < L6CN24WWaffected
LenovoIdeaPad Flex 5 16ABR8 BIOS0 < L7CN21WWaffected
LenovoIdeaPad Flex 5 16ALC7 BIOS0 < JCCN40WWaffected
LenovoIdeaPad Flex 5 16IAU7 BIOS0 < J7CN48WWaffected
LenovoIdeaPad Flex 5 16IRU8 BIOS0 < L6CN24WWaffected
LenovoIdeaPad Slim 3 14ABR8 BIOS0 <= KYCN32WWaffected
LenovoIdeaPad Slim 3 14AMN8 BIOS0 < L1CN41WWaffected
LenovoIdeaPad Slim 3 15ABR8 BIOS0 <= KYCN32WWaffected
LenovoIdeaPad Slim 3 15AMN8 BIOS0 < L1CN41WWaffected
LenovoIdeaPad Slim 3 16ABR8 BIOS0 <= KYCN32WWaffected
LenovoIdeaPad Slim 5 Light 14ABR8 BIOS0 <= L9CN26WWaffected
LenovoK14 G2 IRU BIOS0 < MMCN36WWaffected
LenovoLenovo Flex 7 14IAU7 BIOS0 < J7CN48WWaffected
LenovoLenovo Flex 7 14IRU8 BIOS0 < L6CN24WWaffected
LenovoLenovo V14 G3 ABA Laptop BIOS0 < JTCN54WWaffected
LenovoLenovo V14 G4 ABP BIOS0 < MSCN16WWaffected
LenovoLenovo V14 G4 AMN BIOS0 < L1CN41WWaffected
LenovoLenovo V15 G3 ABA Laptop BIOS0 < JTCN54WWaffected
LenovoLenovo V15 G4 ABP BIOS0 < MSCN16WWaffected
LenovoLenovo V15 G4 AMN BIOS0 < L1CN41WWaffected
LenovoThinkBook 13s G4 ARB BIOS0 < HZCN55WWaffected
LenovoThinkBook 13s G4 IAP BIOS0 < HWCN52WWaffected
LenovoThinkBook 13x G2 IAP Laptop BIOS0 < HXCN57WWaffected
LenovoThinkBook 14 G6 ABP BIOS0 < MNCN27WWaffected
LenovoThinkBook 14 G6 IRL BIOS0 < MMCN36WWaffected
LenovoThinkBook 16 G6 ABP BIOS0 < MNCN27WWaffected
LenovoThinkBook 16 G6 IRL BIOS0 < MMCN36WWaffected
LenovoV14 G2-ALC Laptop (Lenovo) BIOS0 <= GLCN63WWaffected
LenovoV15 G2-ALC Laptop (Lenovo) BIOS0 <= GLCN63WWaffected
LenovoYoga Slim 7 Pro-14ACH5 Laptop (ideapad) BIOS0 < GZCN36WWaffected
LenovoYoga Slim 7 Pro-14ACH5 O Laptop (ideapad) BIOS0 < GZCN36WWaffected

Weaknesses

  • CWE-121: CWE-121: Stack-based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References