Buffer overflow in Lenovo products - CVE-2023-22615

 


Published: April 12, 2023


Vulnerability identifier: #VU75026
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-22615
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Lenovo
Affected software:
ideapad D330-10IGL
IdeaPad 1 14IAU7
IdeaPad 1 15IAU7
IdeaPad 3 14IAU7
IdeaPad 3 15IAU7
IdeaPad 3 17IAU7
IdeaPad 3-14ARE05
IdeaPad 3-15ARE05
IdeaPad 3-17ARE05
IdeaPad 3-17ITL6
IdeaPad 5 14IAL7
IdeaPad 5 15IAL7
IdeaPad 5 Pro 14IAP7
IdeaPad 5 Pro 16IAH7
IdeaPad 5-14ITL05
IdeaPad Duet 3 10IGL5
IdeaPad Duet 5 12IAU7
IdeaPad Gaming 3 15IAH7
IdeaPad Gaming 3 16IAH7
IdeaPad Gaming 3-15IHU6
ideapad L3-15ITL6
Lenovo Legion 5 15IAH7
Lenovo Legion 5 15IAH7H
Lenovo Legion 5 Pro 16IAH7
Lenovo Legion 5 Pro 16IAH7H
Lenovo Legion 5 Pro-16ITH6
Lenovo Legion 5 Pro-16ITH6H
Lenovo Legion 5-15ITH6
Lenovo Legion 5-15ITH6H
Lenovo Legion 5-17ITH6
Lenovo Legion 5-17ITH6H
Legion 7 16IAX7
Lenovo Legion 7-16ITHg6
Lenovo Legion S716IAH7
Lenovo S14 G2 ITL
Lenovo S14 G3 IAP
Lenovo Slim 7 14IAP7
Lenovo Slim 7 14IRP8
Lenovo Slim 7 Carbon 13IAP7
Lenovo Slim 7 Carbon 13IRP8
Lenovo Slim 7 ProX 14IAH7
Lenovo Slim 9 14IAP7
Lenovo V14 G3 IAP
Lenovo V15 G3 IAP
Lenovo V17 G3 IAP
ideapad S540-13ARE
ideapad S540-13ITL
Lenovo Slim 7 16IAH7
IdeaPad Slim 7 Pro-14IHU5
ideapad Slim 7-14ARE05
ideapad Slim 7-14ITL05
ideapad Slim 7-15ITL05
ThinkBook 13x ITG
ThinkBook 14 G2 ITL
ThinkBook 14 G3 ITL
ThinkBook 14 G4 IAP
ThinkBook 14 G4+ IAP
ThinkBook 14s Yoga G2 IAP
ThinkBook 14s Yoga ITL
ThinkBook 15 G2 ITL
ThinkBook 15 G3 ITL
ThinkBook 15 G4 IAP
ThinkBook 15P G2 ITH
ThinkBook 16 G4+ IAP
ThinkBook Plus G2 ITG
ThinkBook Plus G3 IAP
Lenovo V14 G2-ITL
Lenovo V14-ARE
Lenovo V15 G2-ITL
Lenovo V17 G2-ITL
Yoga 7 14IAL7
Yoga 7 16IAH7
IdeaPad Yoga 7 16IAP7
ideapad Yoga 7-14ITL5
ideapad Yoga 7-15ITL5
IdeaPad Yoga 9 14IAP7
Yoga 9 14IRP8
Yoga Duet 7-13IML05
Yoga Duet 7-13ITL6
Yoga Duet 7-13ITL6-LTE
Yoga Slim 6 14IAP8
Yoga Slim 6 14IRP8
Yoga Slim 7 Carbon 13IAP7
Yoga Slim 7 Carbon 13IRP8
ideapad Yoga Slim 7 Carbon 13ITL5
Yoga Slim 7 Pro 14IAH7
IdeaPad Yoga Slim 7 Pro 14IAP7
IdeaPad Yoga Slim 7 Pro 16IAH7
ideapad Yoga Slim 7 Pro-14IHU5
ideapad Yoga Slim 7 Pro-14IHU5 O
ideapad Yoga Slim 7 Pro-14ITL5
Yoga Slim 7 ProX 14IAH7
ideapad Yoga Slim 7-13ITL05
ideapad Yoga Slim 7-14ARE05
ideapad Yoga Slim 7-14ITL05
ideapad Yoga Slim 7-15ITL05
Yoga Slim 9 14IAP7
ideapad 3-14ITL05
ideapad 3-14ITL6
ideapad 3-15ITL05
ideapad 3-15ITL6
ideapad 5 Pro-14ITL6
ideapad 5 Pro-16IHU6
ideapad 5-15ARE05

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Insyde BIOS code. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.


How to mitigate CVE-2023-22615

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

The vendor plans to release patches in August 2023.

