CVE-2024-3100
MEDIUMLenovo BIOS Authenticated Stack-based Buffer Overflow
Title source: llmDescription
A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code.
References (1)
Core 1
Core References
Various Sources
https://support.lenovo.com/us/en/product_security/LEN-165524
Scores
CVSS v3
6.7
EPSS
0.0010
EPSS Percentile
27.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-121
Status
published
Products (50)
Lenovo/100w Gen 3 Laptop (Lenovo) BIOS
< GACN48WW
Lenovo/100w Gen 4 Laptop (Lenovo) BIOS
< L2CN34WW/L3CN34WW
Lenovo/13w Yoga (Type 82S1, 82S2) Laptop (Lenovo) BIOS
< JACN41WW
Lenovo/13w Yoga Gen 2 (Type 82YR, 82YS) Laptop (Lenovo) BIOS
< KBCN29WW
Lenovo/14W Gen 2 Laptop (Lenovo) BIOS
< H0CN29WW
Lenovo/300w Gen 3 Laptop (Lenovo) BIOS
< GACN48WW
Lenovo/300w Yoga Gen 4 Laptop (Lenovo) BIOS
< L2CN34WW/L3CN34WW
Lenovo/500w Yoga Gen 4 Laptop (Lenovo) BIOS
< L2CN34WW/L3CN34WW
Lenovo/Flex 5-14ITL05 Laptop (ideapad) BIOS
< FXCN47WW
Lenovo/Flex 5-15ITL05 Laptop (ideapad) BIOS
< FXCN47WW
... and 40 more
Published
Sep 13, 2024
Tracked Since
Feb 18, 2026