CVE-2024-4550

Summary

A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
LenovoP360 Workstation (ThinkStation) BIOS0 <= S0EKT43Aaffected
LenovoST50 (ThinkSystem) BIOS0 < ITE134Aaffected
LenovoST50 V2 (ThinkSystem) BIOS0 < TOE112Daffected
LenovoST58 (ThinkSystem) BIOS0 < ITE134Aaffected
LenovoST58 V2 (ThinkSystem) BIOS0 < TOE112Daffected

Weaknesses

  • CWE-121: CWE-121: Stack-based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References