CVE-2023-43572

MEDIUM

Lenovo Desktop - Info Disclosure

Title source: llm

Description

A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.

References (1)

[Vendor Advisory] https://support.lenovo.com/us/en/product_security/LEN-141775

Scores

CVSS v3 4.4

EPSS 0.0004

EPSS Percentile 10.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-125 CWE-126

Status published

Affected Products (50)

lenovo/v50a-22imb_firmware < m36kt32a

lenovo/ideacentre_c5-14imb05_firmware < o4hkt3ca

lenovo/ideacentre_3-07ada05_firmware < o4fkt39a

lenovo/ideacentre_3-07imb05_firmware < m2vkt21a

lenovo/ideacentre_5_14iab7_firmware < m42kt46a

lenovo/ideacentre_5_14irb8_firmware < m4ukt36a

lenovo/ideacentre_5-14acn6_firmware

lenovo/ideacentre_t540-15ama_g_firmware

lenovo/thinkcentre_neo_70t_gen_3_firmware < m40kt45a

lenovo/thinkcentre_neo_50t_gen_3_firmware < m42kt46a

lenovo/thinkcentre_neo_50a_24_gen_4_firmware < o5xkt18a

lenovo/thinkcentre_neo_50a_24_gen_3_firmware < o5rkt41a

lenovo/thinkcentre_neo_30a_27_gen_4_firmware < o5nkt33a

lenovo/thinkcentre_neo_30a_27_gen_4_firmware

lenovo/thinkcentre_neo_30a_27_gen_3_firmware < o5nkt33a

... and 35 more

Timeline

Published Nov 08, 2023

Tracked Since Feb 18, 2026