CVE-2023-43570

MEDIUM

OemSmi - Code Injection

Title source: llm

Description

A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code.

References (1)

Scores

CVSS v3 6.7
EPSS 0.0005
EPSS Percentile 14.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-20
Status published

Affected Products (50)

lenovo/ideacentre_c5-14imb05_firmware < o4hkt3ca
lenovo/ideacentre_3-07ada05_firmware < o4fkt39a
lenovo/ideacentre_3-07imb05_firmware < m2vkt21a
lenovo/ideacentre_5_14iab7_firmware < m42kt46a
lenovo/ideacentre_5_14irb8_firmware < m4ukt36a
lenovo/ideacentre_5-14acn6_firmware
lenovo/ideacentre_t540-15ama_g_firmware
lenovo/thinkcentre_neo_70t_gen_3_firmware < m40kt45a
lenovo/thinkcentre_neo_50t_gen_3_firmware < m42kt46a
lenovo/thinkcentre_neo_50a_24_gen_4_firmware < o5xkt18a
lenovo/thinkcentre_neo_50a_24_gen_3_firmware < o5rkt41a
lenovo/thinkcentre_neo_30a_27_gen_4_firmware < o5nkt33a
lenovo/thinkcentre_neo_30a_27_gen_4_firmware
lenovo/thinkcentre_neo_30a_27_gen_3_firmware < o5nkt33a
lenovo/thinkcentre_neo_30a_24_gen_4_firmware < o5nkt33a
... and 35 more

Timeline

Published Nov 08, 2023
Tracked Since Feb 18, 2026