Multiple vulnerabilities in Lenovo Insyde BIOS firmware



Published: 2023-04-12
Risk: Low
Patch available: No
Number of vulnerabilities: 6
CVE-ID: CVE-2023-22614, CVE-2023-22616, CVE-2023-22613, CVE-2023-22615, CVE-2023-22612, CVE-2022-24350
CWE-ID: CWE-119
Exploitation vector: Local
Public exploit: N/A
Vulnerable software:
ideapad D330-10IGL
Hardware solutions / Firmware

IdeaPad 1 14IAU7
Hardware solutions / Firmware

IdeaPad 1 15IAU7
Hardware solutions / Firmware

IdeaPad 3 14IAU7
Hardware solutions / Firmware

IdeaPad 3 15IAU7
Hardware solutions / Firmware

IdeaPad 3 17IAU7
Hardware solutions / Firmware

IdeaPad 3-14ARE05
Hardware solutions / Firmware

IdeaPad 3-15ARE05
Hardware solutions / Firmware

IdeaPad 3-17ARE05
Hardware solutions / Firmware

IdeaPad 3-17ITL6
Hardware solutions / Firmware

IdeaPad 5 14IAL7
Hardware solutions / Firmware

IdeaPad 5 15IAL7
Hardware solutions / Firmware

IdeaPad 5 Pro 14IAP7
Hardware solutions / Firmware

IdeaPad 5 Pro 16IAH7
Hardware solutions / Firmware

IdeaPad 5-14ITL05
Hardware solutions / Firmware

IdeaPad Duet 3 10IGL5
Hardware solutions / Firmware

IdeaPad Duet 5 12IAU7
Hardware solutions / Firmware

IdeaPad Gaming 3 15IAH7
Hardware solutions / Firmware

IdeaPad Gaming 3 16IAH7
Hardware solutions / Firmware

IdeaPad Gaming 3-15IHU6
Hardware solutions / Firmware

ideapad L3-15ITL6
Hardware solutions / Firmware

Lenovo Legion 5 15IAH7
Hardware solutions / Firmware

Lenovo Legion 5 15IAH7H
Hardware solutions / Firmware

Lenovo Legion 5 Pro 16IAH7
Hardware solutions / Firmware

Lenovo Legion 5 Pro 16IAH7H
Hardware solutions / Firmware

Lenovo Legion 5 Pro-16ITH6
Hardware solutions / Firmware

Lenovo Legion 5 Pro-16ITH6H
Hardware solutions / Firmware

Lenovo Legion 5-15ITH6
Hardware solutions / Firmware

Lenovo Legion 5-15ITH6H
Hardware solutions / Firmware

Lenovo Legion 5-17ITH6
Hardware solutions / Firmware

Lenovo Legion 5-17ITH6H
Hardware solutions / Firmware

Legion 7 16IAX7
Hardware solutions / Firmware

Lenovo Legion 7-16ITHg6
Hardware solutions / Firmware

Lenovo Legion S7 16IAH7
Hardware solutions / Firmware

Lenovo S14 G2 ITL
Hardware solutions / Firmware

Lenovo S14 G3 IAP
Hardware solutions / Firmware

Lenovo Slim 7 14IAP7
Hardware solutions / Firmware

Lenovo Slim 7 14IRP8
Hardware solutions / Firmware

Lenovo Slim 7 Carbon 13IAP7
Hardware solutions / Firmware

Lenovo Slim 7 Carbon 13IRP8
Hardware solutions / Firmware

Lenovo Slim 7 ProX 14IAH7
Hardware solutions / Firmware

Lenovo Slim 9 14IAP7
Hardware solutions / Firmware

Lenovo V14 G3 IAP
Hardware solutions / Firmware

Lenovo V15 G3 IAP
Hardware solutions / Firmware

Lenovo V17 G3 IAP
Hardware solutions / Firmware

ideapad S540-13ARE
Hardware solutions / Firmware

ideapad S540-13ITL
Hardware solutions / Firmware

Lenovo Slim 7 16IAH7
Hardware solutions / Firmware

IdeaPad Slim 7 Pro-14IHU5
Hardware solutions / Firmware

ideapad Slim 7-14ARE05
Hardware solutions / Firmware

ideapad Slim 7-14ITL05
Hardware solutions / Firmware

ideapad Slim 7-15ITL05
Hardware solutions / Firmware

ThinkBook 13x ITG
Hardware solutions / Firmware

ThinkBook 14 G2 ITL
Hardware solutions / Firmware

ThinkBook 14 G3 ITL
Hardware solutions / Firmware

ThinkBook 14 G4 IAP
Hardware solutions / Firmware

ThinkBook 14 G4+ IAP
Hardware solutions / Firmware

ThinkBook 14s Yoga G2 IAP
Hardware solutions / Firmware

ThinkBook 14s Yoga ITL
Hardware solutions / Firmware

ThinkBook 15 G2 ITL
Hardware solutions / Firmware

ThinkBook 15 G3 ITL
Hardware solutions / Firmware

ThinkBook 15 G4 IAP
Hardware solutions / Firmware

ThinkBook 15P G2 ITH
Hardware solutions / Firmware

ThinkBook 16 G4+ IAP
Hardware solutions / Firmware

ThinkBook Plus G2 ITG
Hardware solutions / Firmware

ThinkBook Plus G3 IAP
Hardware solutions / Firmware

Lenovo V14 G2-ITL
Hardware solutions / Firmware

Lenovo V14-ARE
Hardware solutions / Firmware

Lenovo V15 G2-ITL
Hardware solutions / Firmware

Lenovo V17 G2-ITL
Hardware solutions / Firmware

Yoga 7 14IAL7
Hardware solutions / Firmware

Yoga 7 16IAH7
Hardware solutions / Firmware

IdeaPad Yoga 7 16IAP7
Hardware solutions / Firmware

ideapad Yoga 7-14ITL5
Hardware solutions / Firmware

ideapad Yoga 7-15ITL5
Hardware solutions / Firmware

IdeaPad Yoga 9 14IAP7
Hardware solutions / Firmware

Yoga 9 14IRP8
Hardware solutions / Firmware

Yoga Duet 7-13IML05
Hardware solutions / Firmware

Yoga Duet 7-13ITL6
Hardware solutions / Firmware

Yoga Duet 7-13ITL6-LTE
Hardware solutions / Firmware

Yoga Slim 6 14IAP8
Hardware solutions / Firmware

Yoga Slim 6 14IRP8
Hardware solutions / Firmware

Yoga Slim 7 Carbon 13IAP7
Hardware solutions / Firmware

Yoga Slim 7 Carbon 13IRP8
Hardware solutions / Firmware

ideapad Yoga Slim 7 Carbon 13ITL5
Hardware solutions / Firmware

Yoga Slim 7 Pro 14IAH7
Hardware solutions / Firmware

IdeaPad Yoga Slim 7 Pro 14IAP7
Hardware solutions / Firmware

IdeaPad Yoga Slim 7 Pro 16IAH7
Hardware solutions / Firmware

ideapad Yoga Slim 7 Pro-14IHU5
Hardware solutions / Firmware

ideapad Yoga Slim 7 Pro-14IHU5 O
Hardware solutions / Firmware

ideapad Yoga Slim 7 Pro-14ITL5
Hardware solutions / Firmware

Yoga Slim 7 ProX 14IAH7
Hardware solutions / Firmware

ideapad Yoga Slim 7-13ITL05
Hardware solutions / Firmware

ideapad Yoga Slim 7-14ARE05
Hardware solutions / Firmware

ideapad Yoga Slim 7-14ITL05
Hardware solutions / Firmware

ideapad Yoga Slim 7-15ITL05
Hardware solutions / Firmware

Yoga Slim 9 14IAP7
Hardware solutions / Firmware

ideapad 3-14ITL05
Hardware solutions / Firmware

ideapad 3-14ITL6
Hardware solutions / Firmware

ideapad 3-15ITL05
Hardware solutions / Firmware

ideapad 3-15ITL6
Hardware solutions / Firmware

ideapad 5 Pro-14ITL6
Hardware solutions / Firmware

ideapad 5 Pro-16IHU6
Hardware solutions / Firmware

ideapad 5-15ARE05
Hardware solutions / Firmware

Vendor: Lenovo

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU75023

Risk: Low

CVSSv3.1: 8.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-22614

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Insyde BIOS code. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

The vendor plans to release patches in August 2023.

Vulnerable software versions

ideapad D330-10IGL: All versions

IdeaPad 1 14IAU7: All versions

IdeaPad 1 15IAU7: All versions

IdeaPad 3 14IAU7: All versions

IdeaPad 3 15IAU7: All versions

IdeaPad 3 17IAU7: All versions

IdeaPad 3-14ARE05: All versions

IdeaPad 3-15ARE05: All versions

IdeaPad 3-17ARE05: All versions

IdeaPad 3-17ITL6: All versions

IdeaPad 5 14IAL7: All versions

IdeaPad 5 15IAL7: All versions

IdeaPad 5 Pro 14IAP7: All versions

IdeaPad 5 Pro 16IAH7: All versions

IdeaPad 5-14ITL05: All versions

IdeaPad Duet 3 10IGL5: All versions

IdeaPad Duet 5 12IAU7: All versions

IdeaPad Gaming 3 15IAH7: All versions

IdeaPad Gaming 3 16IAH7: All versions

IdeaPad Gaming 3-15IHU6: All versions

ideapad L3-15ITL6: All versions

Lenovo Legion 5 15IAH7: All versions

Lenovo Legion 5 15IAH7H: All versions

Lenovo Legion 5 Pro 16IAH7: All versions

Lenovo Legion 5 Pro 16IAH7H: All versions

Lenovo Legion 5 Pro-16ITH6: All versions

Lenovo Legion 5 Pro-16ITH6H: All versions

Lenovo Legion 5-15ITH6: All versions

Lenovo Legion 5-15ITH6H: All versions

Lenovo Legion 5-17ITH6: All versions

Lenovo Legion 5-17ITH6H: All versions

Legion 7 16IAX7: All versions

Lenovo Legion 7-16ITHg6: All versions

Lenovo Legion S7 16IAH7: All versions

Lenovo S14 G2 ITL: All versions

Lenovo S14 G3 IAP: All versions

Lenovo Slim 7 14IAP7: All versions

Lenovo Slim 7 14IRP8: All versions

Lenovo Slim 7 Carbon 13IAP7: All versions

Lenovo Slim 7 Carbon 13IRP8: All versions

Lenovo Slim 7 ProX 14IAH7: All versions

Lenovo Slim 9 14IAP7: All versions

Lenovo V14 G3 IAP: All versions

Lenovo V15 G3 IAP: All versions

Lenovo V17 G3 IAP: All versions

ideapad S540-13ARE: All versions

ideapad S540-13ITL: All versions

Lenovo Slim 7 16IAH7: All versions

IdeaPad Slim 7 Pro-14IHU5: All versions

ideapad Slim 7-14ARE05: All versions

ideapad Slim 7-14ITL05: All versions

ideapad Slim 7-15ITL05: All versions

ThinkBook 13x ITG: All versions

ThinkBook 14 G2 ITL: All versions

ThinkBook 14 G3 ITL: All versions

ThinkBook 14 G4 IAP: All versions

ThinkBook 14 G4+ IAP: All versions

ThinkBook 14s Yoga G2 IAP: All versions

ThinkBook 14s Yoga ITL: All versions

ThinkBook 15 G2 ITL: All versions

ThinkBook 15 G3 ITL: All versions

ThinkBook 15 G4 IAP: All versions

ThinkBook 15P G2 ITH: All versions

ThinkBook 16 G4+ IAP: All versions

ThinkBook Plus G2 ITG: All versions

ThinkBook Plus G3 IAP: All versions

Lenovo V14 G2-ITL: All versions

Lenovo V14-ARE: All versions

Lenovo V15 G2-ITL: All versions

Lenovo V17 G2-ITL: All versions

Yoga 7 14IAL7: All versions

Yoga 7 16IAH7: All versions

IdeaPad Yoga 7 16IAP7: All versions

ideapad Yoga 7-14ITL5: All versions

ideapad Yoga 7-15ITL5: All versions

IdeaPad Yoga 9 14IAP7: All versions

Yoga 9 14IRP8: All versions

Yoga Duet 7-13IML05: All versions

Yoga Duet 7-13ITL6: All versions

Yoga Duet 7-13ITL6-LTE: All versions

Yoga Slim 6 14IAP8: All versions

Yoga Slim 6 14IRP8: All versions

Yoga Slim 7 Carbon 13IAP7: All versions

Yoga Slim 7 Carbon 13IRP8: All versions

ideapad Yoga Slim 7 Carbon 13ITL5: All versions

Yoga Slim 7 Pro 14IAH7: All versions

IdeaPad Yoga Slim 7 Pro 14IAP7: All versions

IdeaPad Yoga Slim 7 Pro 16IAH7: All versions

ideapad Yoga Slim 7 Pro-14IHU5: All versions

ideapad Yoga Slim 7 Pro-14IHU5 O: All versions

ideapad Yoga Slim 7 Pro-14ITL5: All versions

Yoga Slim 7 ProX 14IAH7: All versions

ideapad Yoga Slim 7-13ITL05: All versions

ideapad Yoga Slim 7-14ARE05: All versions

ideapad Yoga Slim 7-14ITL05: All versions

ideapad Yoga Slim 7-15ITL05: All versions

Yoga Slim 9 14IAP7: All versions

ideapad 3-14ITL05: All versions

ideapad 3-14ITL6: All versions

ideapad 3-15ITL05: All versions

ideapad 3-15ITL6: All versions

ideapad 5 Pro-14ITL6: All versions

ideapad 5 Pro-16IHU6: All versions

ideapad 5-15ARE05: All versions

External links

http://support.lenovo.com/us/en/product_security/LEN-115634


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU75024

Risk: Low

CVSSv3.1: 8.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-22616

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Insyde BIOS code. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

The vendor plans to release patches in August 2023.

Vulnerable software versions

ideapad D330-10IGL: All versions

IdeaPad 1 14IAU7: All versions

IdeaPad 1 15IAU7: All versions

IdeaPad 3 14IAU7: All versions

IdeaPad 3 15IAU7: All versions

IdeaPad 3 17IAU7: All versions

IdeaPad 3-14ARE05: All versions

IdeaPad 3-15ARE05: All versions

IdeaPad 3-17ARE05: All versions

IdeaPad 3-17ITL6: All versions

IdeaPad 5 14IAL7: All versions

IdeaPad 5 15IAL7: All versions

IdeaPad 5 Pro 14IAP7: All versions

IdeaPad 5 Pro 16IAH7: All versions

IdeaPad 5-14ITL05: All versions

IdeaPad Duet 3 10IGL5: All versions

IdeaPad Duet 5 12IAU7: All versions

IdeaPad Gaming 3 15IAH7: All versions

IdeaPad Gaming 3 16IAH7: All versions

IdeaPad Gaming 3-15IHU6: All versions

ideapad L3-15ITL6: All versions

Lenovo Legion 5 15IAH7: All versions

Lenovo Legion 5 15IAH7H: All versions

Lenovo Legion 5 Pro 16IAH7: All versions

Lenovo Legion 5 Pro 16IAH7H: All versions

Lenovo Legion 5 Pro-16ITH6: All versions

Lenovo Legion 5 Pro-16ITH6H: All versions

Lenovo Legion 5-15ITH6: All versions

Lenovo Legion 5-15ITH6H: All versions

Lenovo Legion 5-17ITH6: All versions

Lenovo Legion 5-17ITH6H: All versions

Legion 7 16IAX7: All versions

Lenovo Legion 7-16ITHg6: All versions

Lenovo Legion S7 16IAH7: All versions

Lenovo S14 G2 ITL: All versions

Lenovo S14 G3 IAP: All versions

Lenovo Slim 7 14IAP7: All versions

Lenovo Slim 7 14IRP8: All versions

Lenovo Slim 7 Carbon 13IAP7: All versions

Lenovo Slim 7 Carbon 13IRP8: All versions

Lenovo Slim 7 ProX 14IAH7: All versions

Lenovo Slim 9 14IAP7: All versions

Lenovo V14 G3 IAP: All versions

Lenovo V15 G3 IAP: All versions

Lenovo V17 G3 IAP: All versions

ideapad S540-13ARE: All versions

ideapad S540-13ITL: All versions

Lenovo Slim 7 16IAH7: All versions

IdeaPad Slim 7 Pro-14IHU5: All versions

ideapad Slim 7-14ARE05: All versions

ideapad Slim 7-14ITL05: All versions

ideapad Slim 7-15ITL05: All versions

ThinkBook 13x ITG: All versions

ThinkBook 14 G2 ITL: All versions

ThinkBook 14 G3 ITL: All versions

ThinkBook 14 G4 IAP: All versions

ThinkBook 14 G4+ IAP: All versions

ThinkBook 14s Yoga G2 IAP: All versions

ThinkBook 14s Yoga ITL: All versions

ThinkBook 15 G2 ITL: All versions

ThinkBook 15 G3 ITL: All versions

ThinkBook 15 G4 IAP: All versions

ThinkBook 15P G2 ITH: All versions

ThinkBook 16 G4+ IAP: All versions

ThinkBook Plus G2 ITG: All versions

ThinkBook Plus G3 IAP: All versions

Lenovo V14 G2-ITL: All versions

Lenovo V14-ARE: All versions

Lenovo V15 G2-ITL: All versions

Lenovo V17 G2-ITL: All versions

Yoga 7 14IAL7: All versions

Yoga 7 16IAH7: All versions

IdeaPad Yoga 7 16IAP7: All versions

ideapad Yoga 7-14ITL5: All versions

ideapad Yoga 7-15ITL5: All versions

IdeaPad Yoga 9 14IAP7: All versions

Yoga 9 14IRP8: All versions

Yoga Duet 7-13IML05: All versions

Yoga Duet 7-13ITL6: All versions

Yoga Duet 7-13ITL6-LTE: All versions

Yoga Slim 6 14IAP8: All versions

Yoga Slim 6 14IRP8: All versions

Yoga Slim 7 Carbon 13IAP7: All versions

Yoga Slim 7 Carbon 13IRP8: All versions

ideapad Yoga Slim 7 Carbon 13ITL5: All versions

Yoga Slim 7 Pro 14IAH7: All versions

IdeaPad Yoga Slim 7 Pro 14IAP7: All versions

IdeaPad Yoga Slim 7 Pro 16IAH7: All versions

ideapad Yoga Slim 7 Pro-14IHU5: All versions

ideapad Yoga Slim 7 Pro-14IHU5 O: All versions

ideapad Yoga Slim 7 Pro-14ITL5: All versions

Yoga Slim 7 ProX 14IAH7: All versions

ideapad Yoga Slim 7-13ITL05: All versions

ideapad Yoga Slim 7-14ARE05: All versions

ideapad Yoga Slim 7-14ITL05: All versions

ideapad Yoga Slim 7-15ITL05: All versions

Yoga Slim 9 14IAP7: All versions

ideapad 3-14ITL05: All versions

ideapad 3-14ITL6: All versions

ideapad 3-15ITL05: All versions

ideapad 3-15ITL6: All versions

ideapad 5 Pro-14ITL6: All versions

ideapad 5 Pro-16IHU6: All versions

ideapad 5-15ARE05: All versions

External links

http://support.lenovo.com/us/en/product_security/LEN-115634


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU75025

Risk: Low

CVSSv3.1: 8.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-22613

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Insyde BIOS code. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

The vendor plans to release patches in August 2023.

Vulnerable software versions

ideapad D330-10IGL: All versions

IdeaPad 1 14IAU7: All versions

IdeaPad 1 15IAU7: All versions

IdeaPad 3 14IAU7: All versions

IdeaPad 3 15IAU7: All versions

IdeaPad 3 17IAU7: All versions

IdeaPad 3-14ARE05: All versions

IdeaPad 3-15ARE05: All versions

IdeaPad 3-17ARE05: All versions

IdeaPad 3-17ITL6: All versions

IdeaPad 5 14IAL7: All versions

IdeaPad 5 15IAL7: All versions

IdeaPad 5 Pro 14IAP7: All versions

IdeaPad 5 Pro 16IAH7: All versions

IdeaPad 5-14ITL05: All versions

IdeaPad Duet 3 10IGL5: All versions

IdeaPad Duet 5 12IAU7: All versions

IdeaPad Gaming 3 15IAH7: All versions

IdeaPad Gaming 3 16IAH7: All versions

IdeaPad Gaming 3-15IHU6: All versions

ideapad L3-15ITL6: All versions

Lenovo Legion 5 15IAH7: All versions

Lenovo Legion 5 15IAH7H: All versions

Lenovo Legion 5 Pro 16IAH7: All versions

Lenovo Legion 5 Pro 16IAH7H: All versions

Lenovo Legion 5 Pro-16ITH6: All versions

Lenovo Legion 5 Pro-16ITH6H: All versions

Lenovo Legion 5-15ITH6: All versions

Lenovo Legion 5-15ITH6H: All versions

Lenovo Legion 5-17ITH6: All versions

Lenovo Legion 5-17ITH6H: All versions

Legion 7 16IAX7: All versions

Lenovo Legion 7-16ITHg6: All versions

Lenovo Legion S7 16IAH7: All versions

Lenovo S14 G2 ITL: All versions

Lenovo S14 G3 IAP: All versions

Lenovo Slim 7 14IAP7: All versions

Lenovo Slim 7 14IRP8: All versions

Lenovo Slim 7 Carbon 13IAP7: All versions

Lenovo Slim 7 Carbon 13IRP8: All versions

Lenovo Slim 7 ProX 14IAH7: All versions

Lenovo Slim 9 14IAP7: All versions

Lenovo V14 G3 IAP: All versions

Lenovo V15 G3 IAP: All versions

Lenovo V17 G3 IAP: All versions

ideapad S540-13ARE: All versions

ideapad S540-13ITL: All versions

Lenovo Slim 7 16IAH7: All versions

IdeaPad Slim 7 Pro-14IHU5: All versions

ideapad Slim 7-14ARE05: All versions

ideapad Slim 7-14ITL05: All versions

ideapad Slim 7-15ITL05: All versions

ThinkBook 13x ITG: All versions

ThinkBook 14 G2 ITL: All versions

ThinkBook 14 G3 ITL: All versions

ThinkBook 14 G4 IAP: All versions

ThinkBook 14 G4+ IAP: All versions

ThinkBook 14s Yoga G2 IAP: All versions

ThinkBook 14s Yoga ITL: All versions

ThinkBook 15 G2 ITL: All versions

ThinkBook 15 G3 ITL: All versions

ThinkBook 15 G4 IAP: All versions

ThinkBook 15P G2 ITH: All versions

ThinkBook 16 G4+ IAP: All versions

ThinkBook Plus G2 ITG: All versions

ThinkBook Plus G3 IAP: All versions

Lenovo V14 G2-ITL: All versions

Lenovo V14-ARE: All versions

Lenovo V15 G2-ITL: All versions

Lenovo V17 G2-ITL: All versions

Yoga 7 14IAL7: All versions

Yoga 7 16IAH7: All versions

IdeaPad Yoga 7 16IAP7: All versions

ideapad Yoga 7-14ITL5: All versions

ideapad Yoga 7-15ITL5: All versions

IdeaPad Yoga 9 14IAP7: All versions

Yoga 9 14IRP8: All versions

Yoga Duet 7-13IML05: All versions

Yoga Duet 7-13ITL6: All versions

Yoga Duet 7-13ITL6-LTE: All versions

Yoga Slim 6 14IAP8: All versions

Yoga Slim 6 14IRP8: All versions

Yoga Slim 7 Carbon 13IAP7: All versions

Yoga Slim 7 Carbon 13IRP8: All versions

ideapad Yoga Slim 7 Carbon 13ITL5: All versions

Yoga Slim 7 Pro 14IAH7: All versions

IdeaPad Yoga Slim 7 Pro 14IAP7: All versions

IdeaPad Yoga Slim 7 Pro 16IAH7: All versions

ideapad Yoga Slim 7 Pro-14IHU5: All versions

ideapad Yoga Slim 7 Pro-14IHU5 O: All versions

ideapad Yoga Slim 7 Pro-14ITL5: All versions

Yoga Slim 7 ProX 14IAH7: All versions

ideapad Yoga Slim 7-13ITL05: All versions

ideapad Yoga Slim 7-14ARE05: All versions

ideapad Yoga Slim 7-14ITL05: All versions

ideapad Yoga Slim 7-15ITL05: All versions

Yoga Slim 9 14IAP7: All versions

ideapad 3-14ITL05: All versions

ideapad 3-14ITL6: All versions

ideapad 3-15ITL05: All versions

ideapad 3-15ITL6: All versions

ideapad 5 Pro-14ITL6: All versions

ideapad 5 Pro-16IHU6: All versions

ideapad 5-15ARE05: All versions

External links

http://support.lenovo.com/us/en/product_security/LEN-115634


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU75026

Risk: Low

CVSSv3.1: 8.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-22615

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Insyde BIOS code. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

The vendor plans to release patches in August 2023.

Vulnerable software versions

ideapad D330-10IGL: All versions

IdeaPad 1 14IAU7: All versions

IdeaPad 1 15IAU7: All versions

IdeaPad 3 14IAU7: All versions

IdeaPad 3 15IAU7: All versions

IdeaPad 3 17IAU7: All versions

IdeaPad 3-14ARE05: All versions

IdeaPad 3-15ARE05: All versions

IdeaPad 3-17ARE05: All versions

IdeaPad 3-17ITL6: All versions

IdeaPad 5 14IAL7: All versions

IdeaPad 5 15IAL7: All versions

IdeaPad 5 Pro 14IAP7: All versions

IdeaPad 5 Pro 16IAH7: All versions

IdeaPad 5-14ITL05: All versions

IdeaPad Duet 3 10IGL5: All versions

IdeaPad Duet 5 12IAU7: All versions

IdeaPad Gaming 3 15IAH7: All versions

IdeaPad Gaming 3 16IAH7: All versions

IdeaPad Gaming 3-15IHU6: All versions

ideapad L3-15ITL6: All versions

Lenovo Legion 5 15IAH7: All versions

Lenovo Legion 5 15IAH7H: All versions

Lenovo Legion 5 Pro 16IAH7: All versions

Lenovo Legion 5 Pro 16IAH7H: All versions

Lenovo Legion 5 Pro-16ITH6: All versions

Lenovo Legion 5 Pro-16ITH6H: All versions

Lenovo Legion 5-15ITH6: All versions

Lenovo Legion 5-15ITH6H: All versions

Lenovo Legion 5-17ITH6: All versions

Lenovo Legion 5-17ITH6H: All versions

Legion 7 16IAX7: All versions

Lenovo Legion 7-16ITHg6: All versions

Lenovo Legion S7 16IAH7: All versions

Lenovo S14 G2 ITL: All versions

Lenovo S14 G3 IAP: All versions

Lenovo Slim 7 14IAP7: All versions

Lenovo Slim 7 14IRP8: All versions

Lenovo Slim 7 Carbon 13IAP7: All versions

Lenovo Slim 7 Carbon 13IRP8: All versions

Lenovo Slim 7 ProX 14IAH7: All versions

Lenovo Slim 9 14IAP7: All versions

Lenovo V14 G3 IAP: All versions

Lenovo V15 G3 IAP: All versions

Lenovo V17 G3 IAP: All versions

ideapad S540-13ARE: All versions

ideapad S540-13ITL: All versions

Lenovo Slim 7 16IAH7: All versions

IdeaPad Slim 7 Pro-14IHU5: All versions

ideapad Slim 7-14ARE05: All versions

ideapad Slim 7-14ITL05: All versions

ideapad Slim 7-15ITL05: All versions

ThinkBook 13x ITG: All versions

ThinkBook 14 G2 ITL: All versions

ThinkBook 14 G3 ITL: All versions

ThinkBook 14 G4 IAP: All versions

ThinkBook 14 G4+ IAP: All versions

ThinkBook 14s Yoga G2 IAP: All versions

ThinkBook 14s Yoga ITL: All versions

ThinkBook 15 G2 ITL: All versions

ThinkBook 15 G3 ITL: All versions

ThinkBook 15 G4 IAP: All versions

ThinkBook 15P G2 ITH: All versions

ThinkBook 16 G4+ IAP: All versions

ThinkBook Plus G2 ITG: All versions

ThinkBook Plus G3 IAP: All versions

Lenovo V14 G2-ITL: All versions

Lenovo V14-ARE: All versions

Lenovo V15 G2-ITL: All versions

Lenovo V17 G2-ITL: All versions

Yoga 7 14IAL7: All versions

Yoga 7 16IAH7: All versions

IdeaPad Yoga 7 16IAP7: All versions

ideapad Yoga 7-14ITL5: All versions

ideapad Yoga 7-15ITL5: All versions

IdeaPad Yoga 9 14IAP7: All versions

Yoga 9 14IRP8: All versions

Yoga Duet 7-13IML05: All versions

Yoga Duet 7-13ITL6: All versions

Yoga Duet 7-13ITL6-LTE: All versions

Yoga Slim 6 14IAP8: All versions

Yoga Slim 6 14IRP8: All versions

Yoga Slim 7 Carbon 13IAP7: All versions

Yoga Slim 7 Carbon 13IRP8: All versions

ideapad Yoga Slim 7 Carbon 13ITL5: All versions

Yoga Slim 7 Pro 14IAH7: All versions

IdeaPad Yoga Slim 7 Pro 14IAP7: All versions

IdeaPad Yoga Slim 7 Pro 16IAH7: All versions

ideapad Yoga Slim 7 Pro-14IHU5: All versions

ideapad Yoga Slim 7 Pro-14IHU5 O: All versions

ideapad Yoga Slim 7 Pro-14ITL5: All versions

Yoga Slim 7 ProX 14IAH7: All versions

ideapad Yoga Slim 7-13ITL05: All versions

ideapad Yoga Slim 7-14ARE05: All versions

ideapad Yoga Slim 7-14ITL05: All versions

ideapad Yoga Slim 7-15ITL05: All versions

Yoga Slim 9 14IAP7: All versions

ideapad 3-14ITL05: All versions

ideapad 3-14ITL6: All versions

ideapad 3-15ITL05: All versions

ideapad 3-15ITL6: All versions

ideapad 5 Pro-14ITL6: All versions

ideapad 5 Pro-16IHU6: All versions

ideapad 5-15ARE05: All versions

External links

http://support.lenovo.com/us/en/product_security/LEN-115634


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU75027

Risk: Low

CVSSv3.1: 8.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-22612

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Insyde BIOS code. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

The vendor plans to release patches in August 2023.

Vulnerable software versions

ideapad D330-10IGL: All versions

IdeaPad 1 14IAU7: All versions

IdeaPad 1 15IAU7: All versions

IdeaPad 3 14IAU7: All versions

IdeaPad 3 15IAU7: All versions

IdeaPad 3 17IAU7: All versions

IdeaPad 3-14ARE05: All versions

IdeaPad 3-15ARE05: All versions

IdeaPad 3-17ARE05: All versions

IdeaPad 3-17ITL6: All versions

IdeaPad 5 14IAL7: All versions

IdeaPad 5 15IAL7: All versions

IdeaPad 5 Pro 14IAP7: All versions

IdeaPad 5 Pro 16IAH7: All versions

IdeaPad 5-14ITL05: All versions

IdeaPad Duet 3 10IGL5: All versions

IdeaPad Duet 5 12IAU7: All versions

IdeaPad Gaming 3 15IAH7: All versions

IdeaPad Gaming 3 16IAH7: All versions

IdeaPad Gaming 3-15IHU6: All versions

ideapad L3-15ITL6: All versions

Lenovo Legion 5 15IAH7: All versions

Lenovo Legion 5 15IAH7H: All versions

Lenovo Legion 5 Pro 16IAH7: All versions

Lenovo Legion 5 Pro 16IAH7H: All versions

Lenovo Legion 5 Pro-16ITH6: All versions

Lenovo Legion 5 Pro-16ITH6H: All versions

Lenovo Legion 5-15ITH6: All versions

Lenovo Legion 5-15ITH6H: All versions

Lenovo Legion 5-17ITH6: All versions

Lenovo Legion 5-17ITH6H: All versions

Legion 7 16IAX7: All versions

Lenovo Legion 7-16ITHg6: All versions

Lenovo Legion S7 16IAH7: All versions

Lenovo S14 G2 ITL: All versions

Lenovo S14 G3 IAP: All versions

Lenovo Slim 7 14IAP7: All versions

Lenovo Slim 7 14IRP8: All versions

Lenovo Slim 7 Carbon 13IAP7: All versions

Lenovo Slim 7 Carbon 13IRP8: All versions

Lenovo Slim 7 ProX 14IAH7: All versions

Lenovo Slim 9 14IAP7: All versions

Lenovo V14 G3 IAP: All versions

Lenovo V15 G3 IAP: All versions

Lenovo V17 G3 IAP: All versions

ideapad S540-13ARE: All versions

ideapad S540-13ITL: All versions

Lenovo Slim 7 16IAH7: All versions

IdeaPad Slim 7 Pro-14IHU5: All versions

ideapad Slim 7-14ARE05: All versions

ideapad Slim 7-14ITL05: All versions

ideapad Slim 7-15ITL05: All versions

ThinkBook 13x ITG: All versions

ThinkBook 14 G2 ITL: All versions

ThinkBook 14 G3 ITL: All versions

ThinkBook 14 G4 IAP: All versions

ThinkBook 14 G4+ IAP: All versions

ThinkBook 14s Yoga G2 IAP: All versions

ThinkBook 14s Yoga ITL: All versions

ThinkBook 15 G2 ITL: All versions

ThinkBook 15 G3 ITL: All versions

ThinkBook 15 G4 IAP: All versions

ThinkBook 15P G2 ITH: All versions

ThinkBook 16 G4+ IAP: All versions

ThinkBook Plus G2 ITG: All versions

ThinkBook Plus G3 IAP: All versions

Lenovo V14 G2-ITL: All versions

Lenovo V14-ARE: All versions

Lenovo V15 G2-ITL: All versions

Lenovo V17 G2-ITL: All versions

Yoga 7 14IAL7: All versions

Yoga 7 16IAH7: All versions

IdeaPad Yoga 7 16IAP7: All versions

ideapad Yoga 7-14ITL5: All versions

ideapad Yoga 7-15ITL5: All versions

IdeaPad Yoga 9 14IAP7: All versions

Yoga 9 14IRP8: All versions

Yoga Duet 7-13IML05: All versions

Yoga Duet 7-13ITL6: All versions

Yoga Duet 7-13ITL6-LTE: All versions

Yoga Slim 6 14IAP8: All versions

Yoga Slim 6 14IRP8: All versions

Yoga Slim 7 Carbon 13IAP7: All versions

Yoga Slim 7 Carbon 13IRP8: All versions

ideapad Yoga Slim 7 Carbon 13ITL5: All versions

Yoga Slim 7 Pro 14IAH7: All versions

IdeaPad Yoga Slim 7 Pro 14IAP7: All versions

IdeaPad Yoga Slim 7 Pro 16IAH7: All versions

ideapad Yoga Slim 7 Pro-14IHU5: All versions

ideapad Yoga Slim 7 Pro-14IHU5 O: All versions

ideapad Yoga Slim 7 Pro-14ITL5: All versions

Yoga Slim 7 ProX 14IAH7: All versions

ideapad Yoga Slim 7-13ITL05: All versions

ideapad Yoga Slim 7-14ARE05: All versions

ideapad Yoga Slim 7-14ITL05: All versions

ideapad Yoga Slim 7-15ITL05: All versions

Yoga Slim 9 14IAP7: All versions

ideapad 3-14ITL05: All versions

ideapad 3-14ITL6: All versions

ideapad 3-15ITL05: All versions

ideapad 3-15ITL6: All versions

ideapad 5 Pro-14ITL6: All versions

ideapad 5 Pro-16IHU6: All versions

ideapad 5-15ARE05: All versions

External links

http://support.lenovo.com/us/en/product_security/LEN-115634


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU75028

Risk: Low

CVSSv3.1: 8.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2022-24350

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Insyde BIOS code. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

The vendor plans to release patches in August 2023.

Vulnerable software versions

ideapad D330-10IGL: All versions

IdeaPad 1 14IAU7: All versions

IdeaPad 1 15IAU7: All versions

IdeaPad 3 14IAU7: All versions

IdeaPad 3 15IAU7: All versions

IdeaPad 3 17IAU7: All versions

IdeaPad 3-14ARE05: All versions

IdeaPad 3-15ARE05: All versions

IdeaPad 3-17ARE05: All versions

IdeaPad 3-17ITL6: All versions

IdeaPad 5 14IAL7: All versions

IdeaPad 5 15IAL7: All versions

IdeaPad 5 Pro 14IAP7: All versions

IdeaPad 5 Pro 16IAH7: All versions

IdeaPad 5-14ITL05: All versions

IdeaPad Duet 3 10IGL5: All versions

IdeaPad Duet 5 12IAU7: All versions

IdeaPad Gaming 3 15IAH7: All versions

IdeaPad Gaming 3 16IAH7: All versions

IdeaPad Gaming 3-15IHU6: All versions

ideapad L3-15ITL6: All versions

Lenovo Legion 5 15IAH7: All versions

Lenovo Legion 5 15IAH7H: All versions

Lenovo Legion 5 Pro 16IAH7: All versions

Lenovo Legion 5 Pro 16IAH7H: All versions

Lenovo Legion 5 Pro-16ITH6: All versions

Lenovo Legion 5 Pro-16ITH6H: All versions

Lenovo Legion 5-15ITH6: All versions

Lenovo Legion 5-15ITH6H: All versions

Lenovo Legion 5-17ITH6: All versions

Lenovo Legion 5-17ITH6H: All versions

Legion 7 16IAX7: All versions

Lenovo Legion 7-16ITHg6: All versions

Lenovo Legion S7 16IAH7: All versions

Lenovo S14 G2 ITL: All versions

Lenovo S14 G3 IAP: All versions

Lenovo Slim 7 14IAP7: All versions

Lenovo Slim 7 14IRP8: All versions

Lenovo Slim 7 Carbon 13IAP7: All versions

Lenovo Slim 7 Carbon 13IRP8: All versions

Lenovo Slim 7 ProX 14IAH7: All versions

Lenovo Slim 9 14IAP7: All versions

Lenovo V14 G3 IAP: All versions

Lenovo V15 G3 IAP: All versions

Lenovo V17 G3 IAP: All versions

ideapad S540-13ARE: All versions

ideapad S540-13ITL: All versions

Lenovo Slim 7 16IAH7: All versions

IdeaPad Slim 7 Pro-14IHU5: All versions

ideapad Slim 7-14ARE05: All versions

ideapad Slim 7-14ITL05: All versions

ideapad Slim 7-15ITL05: All versions

ThinkBook 13x ITG: All versions

ThinkBook 14 G2 ITL: All versions

ThinkBook 14 G3 ITL: All versions

ThinkBook 14 G4 IAP: All versions

ThinkBook 14 G4+ IAP: All versions

ThinkBook 14s Yoga G2 IAP: All versions

ThinkBook 14s Yoga ITL: All versions

ThinkBook 15 G2 ITL: All versions

ThinkBook 15 G3 ITL: All versions

ThinkBook 15 G4 IAP: All versions

ThinkBook 15P G2 ITH: All versions

ThinkBook 16 G4+ IAP: All versions

ThinkBook Plus G2 ITG: All versions

ThinkBook Plus G3 IAP: All versions

Lenovo V14 G2-ITL: All versions

Lenovo V14-ARE: All versions

Lenovo V15 G2-ITL: All versions

Lenovo V17 G2-ITL: All versions

Yoga 7 14IAL7: All versions

Yoga 7 16IAH7: All versions

IdeaPad Yoga 7 16IAP7: All versions

ideapad Yoga 7-14ITL5: All versions

ideapad Yoga 7-15ITL5: All versions

IdeaPad Yoga 9 14IAP7: All versions

Yoga 9 14IRP8: All versions

Yoga Duet 7-13IML05: All versions

Yoga Duet 7-13ITL6: All versions

Yoga Duet 7-13ITL6-LTE: All versions

Yoga Slim 6 14IAP8: All versions

Yoga Slim 6 14IRP8: All versions

Yoga Slim 7 Carbon 13IAP7: All versions

Yoga Slim 7 Carbon 13IRP8: All versions

ideapad Yoga Slim 7 Carbon 13ITL5: All versions

Yoga Slim 7 Pro 14IAH7: All versions

IdeaPad Yoga Slim 7 Pro 14IAP7: All versions

IdeaPad Yoga Slim 7 Pro 16IAH7: All versions

ideapad Yoga Slim 7 Pro-14IHU5: All versions

ideapad Yoga Slim 7 Pro-14IHU5 O: All versions

ideapad Yoga Slim 7 Pro-14ITL5: All versions

Yoga Slim 7 ProX 14IAH7: All versions

ideapad Yoga Slim 7-13ITL05: All versions

ideapad Yoga Slim 7-14ARE05: All versions

ideapad Yoga Slim 7-14ITL05: All versions

ideapad Yoga Slim 7-15ITL05: All versions

Yoga Slim 9 14IAP7: All versions

ideapad 3-14ITL05: All versions

ideapad 3-14ITL6: All versions

ideapad 3-15ITL05: All versions

ideapad 3-15ITL6: All versions

ideapad 5 Pro-14ITL6: All versions

ideapad 5 Pro-16IHU6: All versions

ideapad 5-15ARE05: All versions

External links

http://support.lenovo.com/us/en/product_security/LEN-115634


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


