Vulnerability identifier: #VU75023
Vulnerability risk: Low
CVSSv3.1: 8.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
ideapad D330-10IGL
Hardware solutions /
Firmware
IdeaPad 1 14IAU7
Hardware solutions /
Firmware
IdeaPad 1 15IAU7
Hardware solutions /
Firmware
IdeaPad 3 14IAU7
Hardware solutions /
Firmware
IdeaPad 3 15IAU7
Hardware solutions /
Firmware
IdeaPad 3 17IAU7
Hardware solutions /
Firmware
IdeaPad 3-14ARE05
Hardware solutions /
Firmware
IdeaPad 3-15ARE05
Hardware solutions /
Firmware
IdeaPad 3-17ARE05
Hardware solutions /
Firmware
IdeaPad 3-17ITL6
Hardware solutions /
Firmware
IdeaPad 5 14IAL7
Hardware solutions /
Firmware
IdeaPad 5 15IAL7
Hardware solutions /
Firmware
IdeaPad 5 Pro 14IAP7
Hardware solutions /
Firmware
IdeaPad
5 Pro 16IAH7
Hardware solutions /
Firmware
IdeaPad 5-14ITL05
Hardware solutions /
Firmware
IdeaPad Duet 3 10IGL5
Hardware solutions /
Firmware
IdeaPad Duet 5 12IAU7
Hardware solutions /
Firmware
IdeaPad Gaming 3 15IAH7
Hardware solutions /
Firmware
IdeaPad Gaming 3 16IAH7
Hardware solutions /
Firmware
IdeaPad Gaming 3-15IHU6
Hardware solutions /
Firmware
ideapad L3-15ITL6
Hardware solutions /
Firmware
Lenovo Legion 5 15IAH7
Hardware solutions /
Firmware
Lenovo Legion 5 15IAH7H
Hardware solutions /
Firmware
Lenovo Legion 5 Pro 16IA
H7
Hardware solutions /
Firmware
Lenovo Legion 5 Pro 16IAH7H
Hardware solutions /
Firmware
Lenovo Legion 5 Pro-16ITH6
Hardware solutions /
Firmware
Lenovo Legion 5 Pro-16ITH6H
Hardware solutions /
Firmware
Lenovo Legion 5-15ITH6
Hardware solutions /
Firmware
Lenovo Legion 5-15ITH6H
Hardware solutions /
Firmware
Lenovo Legion 5-17ITH6
Hardware solutions /
Firmware
Lenovo Legion 5-17ITH6H
Hardware solutions /
Firmware
Legion 7 16IAX7
Hardware solutions /
Firmware
Lenovo Legion 7-16ITHg6
Hardware solutions /
Firmware
Lenovo Legion S7
16IAH7
Hardware solutions /
Firmware
Lenovo S14 G2 ITL
Hardware solutions /
Firmware
Lenovo S14 G3 IAP
Hardware solutions /
Firmware
Lenovo Slim 7 14IAP7
Hardware solutions /
Firmware
Lenovo Slim 7 14IRP8
Hardware solutions /
Firmware
Lenovo Slim 7 Carbon 13IAP7
Hardware solutions /
Firmware
Lenovo Slim 7 Carbon 13IRP8
Hardware solutions /
Firmware
Lenovo Slim 7 ProX 14IAH7
Hardware solutions /
Firmware
Lenovo Slim 9 14IAP7
Hardware solutions /
Firmware
Lenovo V14 G3 IAP
Hardware solutions /
Firmware
Lenovo V15 G3 IAP
Hardware solutions /
Firmware
Lenovo V17 G3
IAP
Hardware solutions /
Firmware
ideapad S540-13ARE
Hardware solutions /
Firmware
ideapad S540-13ITL
Hardware solutions /
Firmware
Lenovo Slim 7 16IAH7
Hardware solutions /
Firmware
IdeaPad Slim 7 Pro-14IHU5
Hardware solutions /
Firmware
ideapad Slim 7-14ARE05
Hardware solutions /
Firmware
ideapad Slim 7-14ITL05
Hardware solutions /
Firmware
ideapad Slim 7-15ITL05
Hardware solutions /
Firmware
ThinkBook 13x ITG
Hardware solutions /
Firmware
ThinkBook 14 G2 ITL
Hardware solutions /
Firmware
ThinkBook 14 G3 ITL
Hardware solutions /
Firmware
ThinkBook 14 G4 IAP
Hardware solutions /
Firmware
ThinkBook 14 G4+ IAP
Hardware solutions /
Firmware
ThinkBook 14s Yoga G2 IAP
Hardware solutions /
Firmware
ThinkBook 14s Yoga ITL
Hardware solutions /
Firmware
ThinkBook 15 G2 ITL
Hardware solutions /
Firmware
ThinkBook 15 G3 ITL
Hardware solutions /
Firmware
ThinkBook 15 G4 IAP
Hardware solutions /
Firmware
ThinkBook 15P G2 ITH
Hardware solutions /
Firmware
ThinkBook 16 G4+ IAP
Hardware solutions /
Firmware
ThinkBook Plus G2 ITG
Hardware solutions /
Firmware
ThinkBook Plus G3 IAP
Hardware solutions /
Firmware
Lenovo V14 G2-ITL
Hardware solutions /
Firmware
Len
ovo V14-ARE
Hardware solutions /
Firmware
Lenovo V15 G2-ITL
Hardware solutions /
Firmware
Lenovo V17 G2-ITL
Hardware solutions /
Firmware
Yoga 7 14IAL7
Hardware solutions /
Firmware
Yoga 7 16IAH7
Hardware solutions /
Firmware
IdeaPad Yoga 7 16IAP7
Hardware solutions /
Firmware
ideapad Yoga 7-14ITL5
Hardware solutions /
Firmware
ideapad Yoga 7-15ITL5
Hardware solutions /
Firmware
IdeaPad Yoga 9 14IAP7
Hardware solutions /
Firmware
Yoga 9 14IRP8
Hardware solutions /
Firmware
Yoga Duet 7-13IML05
Hardware solutions /
Firmware
Yoga Duet 7-13ITL6
Hardware solutions /
Firmware
Yoga Duet 7-13ITL6-L
TE
Hardware solutions /
Firmware
Yoga Slim 6 14IAP8
Hardware solutions /
Firmware
Yoga Slim 6 14IRP8
Hardware solutions /
Firmware
Yoga Slim 7 Carbon 13IAP7
Hardware solutions /
Firmware
Yoga Slim 7 Carbon 13IRP8
Hardware solutions /
Firmware
ideapad Yoga Slim 7 Carbon 13ITL5
Hardware solutions /
Firmware
Yoga Slim 7 Pro 14IAH7
Hardware solutions /
Firmware
IdeaPad Yoga Slim 7 Pro 14IAP7
Hardware solutions /
Firmware
IdeaPad Yoga Slim 7 Pro 16IAH7
Hardware solutions /
Firmware
ideapad Yoga Slim 7 Pro-1
4IHU5
Hardware solutions /
Firmware
ideapad Yoga Slim 7 Pro-14IHU5 O
Hardware solutions /
Firmware
ideapad Yoga Slim 7 Pro-14ITL5
Hardware solutions /
Firmware
Yoga Slim 7 ProX 14IAH7
Hardware solutions /
Firmware
ideapad Yoga Slim 7-13ITL05
Hardware solutions /
Firmware
ideapad Yoga Slim 7-14ARE05
Hardware solutions /
Firmware
ideapad Yoga Slim 7-14ITL05
Hardware solutions /
Firmware
ideapad Yoga Slim 7-15ITL05
Hardware solutions /
Firmware
Yoga Slim 9 14IAP7
Hardware solutions /
Firmware
ideapad 3-14
ITL05
Hardware solutions /
Firmware
ideapad 3-14ITL6
Hardware solutions /
Firmware
ideapad 3-15ITL05
Hardware solutions /
Firmware
ideapad 3-15ITL6
Hardware solutions /
Firmware
ideapad 5 Pro-14ITL6
Hardware solutions /
Firmware
ideapad 5 Pro-16IHU6
Hardware solutions /
Firmware
ideapad 5-15ARE05
Hardware solutions /
Firmware
Vendor: Lenovo
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Insyde BIOS code. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
The vendor plans to release patches in August 2023.
Vulnerable software versions
ideapad D330-10IGL: All versions
IdeaPad 1 14IAU7: All versions
IdeaPad 1 15IAU7: All versions
IdeaPad 3 14IAU7: All versions
IdeaPad 3 15IAU7: All versions
IdeaPad 3 17IAU7: All versions
IdeaPad 3-14ARE05: All versions
IdeaPad 3-15ARE05: All versions
IdeaPad 3-17ARE05: All versions
IdeaPad 3-17ITL6: All versions
IdeaPad 5 14IAL7: All versions
IdeaPad 5 15IAL7: All versions
IdeaPad 5 Pro 14IAP7: All versions
IdeaPad 5 Pro 16IAH7: All versions
IdeaPad 5-14ITL05: All versions
IdeaPad Duet 3 10IGL5: All versions
IdeaPad Duet 5 12IAU7: All versions
IdeaPad Gaming 3 15IAH7: All versions
IdeaPad Gaming 3 16IAH7: All versions
IdeaPad Gaming 3-15IHU6: All versions
ideapad L3-15ITL6: All versions
Lenovo Legion 5 15IAH7: All versions
Lenovo Legion 5 15IAH7H: All versions
Lenovo Legion 5 Pro 16IA H7: All versions
Lenovo Legion 5 Pro 16IAH7H: All versions
Lenovo Legion 5 Pro-16ITH6: All versions
Lenovo Legion 5 Pro-16ITH6H: All versions
Lenovo Legion 5-15ITH6: All versions
Lenovo Legion 5-15ITH6H: All versions
Lenovo Legion 5-17ITH6: All versions
Lenovo Legion 5-17ITH6H: All versions
Legion 7 16IAX7: All versions
Lenovo Legion 7-16ITHg6: All versions
Lenovo Legion S7 16IAH7: All versions
Lenovo S14 G2 ITL: All versions
Lenovo S14 G3 IAP: All versions
Lenovo Slim 7 14IAP7: All versions
Lenovo Slim 7 14IRP8: All versions
Lenovo Slim 7 Carbon 13IAP7: All versions
Lenovo Slim 7 Carbon 13IRP8: All versions
Lenovo Slim 7 ProX 14IAH7: All versions
Lenovo Slim 9 14IAP7: All versions
Lenovo V14 G3 IAP: All versions
Lenovo V15 G3 IAP: All versions
Lenovo V17 G3 IAP: All versions
ideapad S540-13ARE: All versions
ideapad S540-13ITL: All versions
Lenovo Slim 7 16IAH7: All versions
IdeaPad Slim 7 Pro-14IHU5: All versions
ideapad Slim 7-14ARE05: All versions
ideapad Slim 7-14ITL05: All versions
ideapad Slim 7-15ITL05: All versions
ThinkBook 13x ITG: All versions
ThinkBook 14 G2 ITL: All versions
ThinkBook 14 G3 ITL: All versions
ThinkBook 14 G4 IAP: All versions
ThinkBook 14 G4+ IAP: All versions
ThinkBook 14s Yoga G2 IAP: All versions
ThinkBook 14s Yoga ITL: All versions
ThinkBook 15 G2 ITL: All versions
ThinkBook 15 G3 ITL: All versions
ThinkBook 15 G4 IAP: All versions
ThinkBook 15P G2 ITH: All versions
ThinkBook 16 G4+ IAP: All versions
ThinkBook Plus G2 ITG: All versions
ThinkBook Plus G3 IAP: All versions
Lenovo V14 G2-ITL: All versions
Len ovo V14-ARE: All versions
Lenovo V15 G2-ITL: All versions
Lenovo V17 G2-ITL: All versions
Yoga 7 14IAL7: All versions
Yoga 7 16IAH7: All versions
IdeaPad Yoga 7 16IAP7: All versions
ideapad Yoga 7-14ITL5: All versions
ideapad Yoga 7-15ITL5: All versions
IdeaPad Yoga 9 14IAP7: All versions
Yoga 9 14IRP8: All versions
Yoga Duet 7-13IML05: All versions
Yoga Duet 7-13ITL6: All versions
Yoga Duet 7-13ITL6-L TE: All versions
Yoga Slim 6 14IAP8: All versions
Yoga Slim 6 14IRP8: All versions
Yoga Slim 7 Carbon 13IAP7: All versions
Yoga Slim 7 Carbon 13IRP8: All versions
ideapad Yoga Slim 7 Carbon 13ITL5: All versions
Yoga Slim 7 Pro 14IAH7: All versions
IdeaPad Yoga Slim 7 Pro 14IAP7: All versions
IdeaPad Yoga Slim 7 Pro 16IAH7: All versions
ideapad Yoga Slim 7 Pro-1 4IHU5: All versions
ideapad Yoga Slim 7 Pro-14IHU5 O: All versions
ideapad Yoga Slim 7 Pro-14ITL5: All versions
Yoga Slim 7 ProX 14IAH7: All versions
ideapad Yoga Slim 7-13ITL05: All versions
ideapad Yoga Slim 7-14ARE05: All versions
ideapad Yoga Slim 7-14ITL05: All versions
ideapad Yoga Slim 7-15ITL05: All versions
Yoga Slim 9 14IAP7: All versions
ideapad 3-14 ITL05: All versions
ideapad 3-14ITL6: All versions
ideapad 3-15ITL05: All versions
ideapad 3-15ITL6: All versions
ideapad 5 Pro-14ITL6: All versions
ideapad 5 Pro-16IHU6: All versions
ideapad 5-15ARE05: All versions
External links
http://support.lenovo.com/us/en/product_security/LEN-115634
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.