CVE-2023-43571

MEDIUM

Lenovo Desktop - Buffer Overflow

Title source: llm

Description

A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

References (1)

[Vendor Advisory] https://support.lenovo.com/us/en/product_security/LEN-141775

Scores

CVSS v3 6.7

EPSS 0.0004

EPSS Percentile 10.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-120

Status published

Affected Products (50)

lenovo/ideacentre_c5-14imb05_firmware < o4hkt3ca

lenovo/ideacentre_3-07ada05_firmware < o4fkt39a

lenovo/ideacentre_3-07imb05_firmware < m2vkt21a

lenovo/ideacentre_5_14iab7_firmware < m42kt46a

lenovo/ideacentre_5_14irb8_firmware < m4ukt36a

lenovo/ideacentre_5-14acn6_firmware

lenovo/ideacentre_t540-15ama_g_firmware

lenovo/thinkcentre_neo_70t_gen_3_firmware < m40kt45a

lenovo/thinkcentre_neo_50t_gen_3_firmware < m42kt46a

lenovo/thinkcentre_neo_50a_24_gen_4_firmware < o5xkt18a

lenovo/thinkcentre_neo_50a_24_gen_3_firmware < o5rkt41a

lenovo/thinkcentre_neo_30a_27_gen_4_firmware < o5nkt33a

lenovo/thinkcentre_neo_30a_27_gen_4_firmware

lenovo/thinkcentre_neo_30a_27_gen_3_firmware < o5nkt33a

lenovo/thinkcentre_neo_30a_24_gen_4_firmware < o5nkt33a

... and 35 more

Timeline

Published Nov 08, 2023

Tracked Since Feb 18, 2026