CVE-2023-45079

Home/CVE/A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated pr

CVE

A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated pr

A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

MEDIUM · CVSS 6.7 EPSS 0.00035

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-125Out-of-bounds Read

▤

Affected Products & Versions

lenovo ideacentre c5-14imb05 firmware< o4hkt3ca
lenovo ideacentre 3-07ada05 firmware< o4fkt39a
lenovo ideacentre 3-07imb05 firmware< m2vkt21a
lenovo ideacentre g5-14imb05 firmware< o4hkt3ca
lenovo ideacentre 5-14iob6 firmware< m3gkt3da
lenovo ideacentre creator 5-14iob6 firmware< m3gkt3da
lenovo ideacentre g5-14amr05 firmware< o4zkt2ba
lenovo ideacentre gaming 5-14iob6 firmware< m3gkt3da
Show all 60 affected productslenovo ideacentre mini 5 01iaq7 firmware< o53kt10a
lenovo ideacentre mini 5-01imh05 firmware< o4ekt1ba
lenovo legion t7-34imz5 firmware< o5fkt17a
lenovo thinkcentre m625q firmware< m1wkt52a
lenovo thinkcentre m630e firmwareall versions
lenovo thinkcentre m70a firmware< m2skt29a
lenovo thinkcentre m920z all-in-one firmware< m1mkt56a
lenovo thinkcentre m920x firmware< m1ukt72a
lenovo thinkcentre m920t firmware< m1ukt72a
lenovo thinkcentre m920s firmware< m1ukt72a
lenovo thinkcentre m920q firmware< m1ukt72a
lenovo thinkcentre m90t firmware< m2tkt55a
lenovo thinkcentre m90s firmware< m2tkt55a
lenovo thinkcentre m90q tiny firmware< m2wkt5aa
lenovo thinkcentre m90a firmware< m2rkt57a
lenovo thinkcentre m820z all-in-one firmware< m1nkt62a
lenovo thinkcentre m80t firmware< m2tkt55a
lenovo thinkcentre m80s firmware< m2tkt55a
lenovo thinkcentre m80q firmware< m2wkt5aa
lenovo thinkcentre m75t gen 2 firmwareall versions
lenovo thinkcentre m75s gen 2 firmwareall versions
lenovo thinkcentre m75q gen 2 firmware< m47kt30a
lenovo thinkcentre m75n firmware< m33kt27a
lenovo thinkcentre m720t firmware< m1ukt72a
lenovo thinkcentre m720s firmware< m1ukt72a
lenovo thinkcentre m720q firmware< m1ukt72a
lenovo thinkcentre m70t firmware< m2tkt55a
lenovo thinkcentre m70s firmware< m2tkt55a
lenovo thinkcentre m70q firmware< m2wkt5aa
lenovo thinkcentre m70c firmware< m2vkt21a
lenovo v50t-13iob g2 firmware< m3gkt3da
lenovo v55t gen 2 13acn firmware< o5jkt23a
lenovo v50t-13imh firmware< m4pkt13a
lenovo v50t-13imb firmware< o4hkt3ca
lenovo v50s-07imb firmware< m2vkt21a
lenovo v50a-24imb firmware< m36kt32a
lenovo v50a-22imb firmware< m36kt32a
lenovo v30a-24iml firmware< m37kt31a
lenovo v30a-22iml firmware< m37kt31a
lenovo thinkedge se30 firmware< m3fkt2da
lenovo thinkstation p920 workstation firmwareall versions
lenovo thinkstation p720 workstation firmwareall versions
lenovo thinkstation p520c workstation firmwareall versions
lenovo thinkstation p520 workstation firmwareall versions
lenovo thinkstation p360 workstation firmwareall versions
lenovo thinkstation p360 workstation firmware< s0ekt45a
lenovo thinkstation p350 workstation firmwareall versions
lenovo thinkstation p348 workstation firmware< m3kkt3ba
lenovo thinkstation p340 workstation firmware< s08kt55a
lenovo thinkstation p340 tiny workstation firmware< m2wkt5aa
lenovo thinkstation p330 workstation 2nd gen firmware< m1vkt72a
lenovo thinkstation p330 workstation firmware< m1vkt72a

▣

Scoring & Timeline

6.7

MEDIUM · CVSS v3.1 · psirt@lenovo.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD08 Nov 2023 · 11:15 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

SSVC triage · cisa-vulnrichment

Exploitation

none

Automatable

Technical impact

total

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://support.lenovo.com/us/en/product_security/LEN-141775Vendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin