CVE-2023-4028 — MEDIUM (6.7)

Q: How severe is CVE-2023-4028?

CVE-2023-4028 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-4028?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo 13W Yoga Firmware, Lenovo 13W Yoga, Lenovo 13W Yoga Gen 2 Firmware, Lenovo 13W Yoga Gen 2, Lenovo Ideapad 1-11Ada05 Firmware.

Vulnerability Description

A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Lenovo	13W Yoga Firmware	< jacn38ww
Lenovo	13W Yoga	-
Lenovo	13W Yoga Gen 2 Firmware	< kbcn20ww
Lenovo	13W Yoga Gen 2	-
Lenovo	Ideapad 1-11Ada05 Firmware	< fqcn29ww
Lenovo	Ideapad 1-11Ada05	-
Lenovo	Ideapad 1-11Igl05 Firmware	< dwcn28ww
Lenovo	Ideapad 1-11Igl05	-
Lenovo	Ideapad 1-14Ada05 Firmware	< fqcn29ww
Lenovo	Ideapad 1-14Ada05	-
Lenovo	Ideapad 1-14Igl05 Firmware	< dwcn28ww
Lenovo	Ideapad 1-14Igl05	-
Lenovo	Flex 5-14Alc05 Firmware	< gjcn32ww
Lenovo	Flex 5-14Alc05	-
Lenovo	Flex 5-14Are05 Firmware	< eecn43ww
Lenovo	Flex 5-14Are05	-
Lenovo	Flex 5-14Iil05 Firmware	< eccn45ww
Lenovo	Flex 5-14Iil05	-
Lenovo	Flex 5-14Itl05 Firmware	< fxcn44ww
Lenovo	Flex 5-14Itl05	-

Related Weaknesses (CWE)

CWE-120

References

https://support.lenovo.com/us/en/product_security/LEN-134879Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-134879Vendor Advisory

FAQ

What is CVE-2023-4028?

CVE-2023-4028 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrar...

How severe is CVE-2023-4028?

CVE-2023-4028 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-4028?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo 13W Yoga Firmware, Lenovo 13W Yoga, Lenovo 13W Yoga Gen 2 Firmware, Lenovo 13W Yoga Gen 2, Lenovo Ideapad 1-11Ada05 Firmware.