CVE-2023-4028

MEDIUM

Lenovo Yoga and IdeaPad Flex Firmware - Authenticated Buffer Overflow in SystemUserMasterHddPwdDxe Driver

Title source: llm
STIX 2.1

Description

A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

References (1)

Core 1

Scores

CVSS v3 6.7
EPSS 0.0018
EPSS Percentile 8.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-120
Status published
Products (29)
lenovo/13w_yoga_firmware < jacn38ww
lenovo/13w_yoga_gen_2_firmware < kbcn20ww
lenovo/flex_5-14alc05_firmware < gjcn32ww
lenovo/flex_5-14are05_firmware < eecn43ww
lenovo/flex_5-14iil05_firmware < eccn45ww
lenovo/flex_5-14itl05_firmware < fxcn44ww
lenovo/flex_5-15alc05_firmware < gjcn32ww
lenovo/flex_5-15iil05_firmware < eccn45ww
lenovo/flex_5-15itl05_firmware < fxcn44ww
lenovo/flex_7_14iru8_firmware < l6cn20ww
... and 19 more
Published Aug 17, 2023
Tracked Since Feb 18, 2026