CVE-2023-2290
MEDIUM
Lenovo ThinkPad E14/E15/L13/L14 Firmware - Authenticated Out-of-bounds Write via LenovoFlashDeviceInterface SMI Handler
Title source: llm
Description
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.
References (1)
Core References
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-106014
Scores
CVSS v3
6.4
EPSS
0.0005
EPSS Percentile
15.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-787
Status
published
Products (50)
lenovo/thinkpad_e14_firmware
1.23
lenovo/thinkpad_e14_gen_2_firmware
1.55
lenovo/thinkpad_e14_gen_4_firmware
1.18
lenovo/thinkpad_e14_gen_4_firmware
1.16
lenovo/thinkpad_e15_firmware
1.23
lenovo/thinkpad_e15_gen_2_firmware
1.55
lenovo/thinkpad_e15_gen_4_firmware
1.18
lenovo/thinkpad_e15_gen_4_firmware
1.16
lenovo/thinkpad_e490_firmware
1.34
lenovo/thinkpad_e490s_firmware
1.34
... and 40 more
Published
Jun 26, 2023
Tracked Since
Feb 18, 2026