Vulnerability Description
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Thinkpad E14 Firmware | 1.23 |
| Lenovo | Thinkpad E14 | - |
| Lenovo | Thinkpad E14 Gen 2 Firmware | 1.55 |
| Lenovo | Thinkpad E14 Gen 2 | - |
| Lenovo | Thinkpad E14 Gen 4 Firmware | 1.18 |
| Lenovo | Thinkpad E14 Gen 4 | - |
| Lenovo | Thinkpad E15 Firmware | 1.23 |
| Lenovo | Thinkpad E15 | - |
| Lenovo | Thinkpad E15 Gen 2 Firmware | 1.55 |
| Lenovo | Thinkpad E15 Gen 2 | - |
| Lenovo | Thinkpad E15 Gen 4 Firmware | 1.18 |
| Lenovo | Thinkpad E15 Gen 4 | - |
| Lenovo | Thinkpad E490 Firmware | 1.34 |
| Lenovo | Thinkpad E490 | - |
| Lenovo | Thinkpad E490S Firmware | 1.34 |
| Lenovo | Thinkpad E490S | - |
| Lenovo | Thinkpad E590 Firmware | 1.34 |
| Lenovo | Thinkpad E590 | - |
| Lenovo | Thinkpad L13 Gen 3 Firmware | 1.14 |
| Lenovo | Thinkpad L13 Gen 3 | - |
Related Weaknesses (CWE)
References
- https://support.lenovo.com/us/en/product_security/LEN-106014Vendor Advisory
- https://support.lenovo.com/us/en/product_security/LEN-106014Vendor Advisory
FAQ
What is CVE-2023-2290?
CVE-2023-2290 is a vulnerability with a CVSS score of 6.4 (MEDIUM). A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.
How severe is CVE-2023-2290?
CVE-2023-2290 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-2290?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkpad E14 Firmware, Lenovo Thinkpad E14, Lenovo Thinkpad E14 Gen 2 Firmware, Lenovo Thinkpad E14 Gen 2, Lenovo Thinkpad E14 Gen 4 Firmware.