#VU75026 Buffer overflow in Lenovo products - CVE-2023-22615

 


Published: April 12, 2023


Vulnerability identifier: #VU75026
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-22615
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
ideapad D330-10IGL
IdeaPad 1 14IAU7
IdeaPad 1 15IAU7
IdeaPad 3 14IAU7
IdeaPad 3 15IAU7
IdeaPad 3 17IAU7
IdeaPad 3-14ARE05
IdeaPad 3-15ARE05
IdeaPad 3-17ARE05
IdeaPad 3-17ITL6
IdeaPad 5 14IAL7
IdeaPad 5 15IAL7
IdeaPad 5 Pro 14IAP7
IdeaPad 5 Pro 16IAH7
IdeaPad 5-14ITL05
IdeaPad Duet 3 10IGL5
IdeaPad Duet 5 12IAU7
IdeaPad Gaming 3 15IAH7
IdeaPad Gaming 3 16IAH7
IdeaPad Gaming 3-15IHU6
ideapad L3-15ITL6
Lenovo Legion 5 15IAH7
Lenovo Legion 5 15IAH7H
Lenovo Legion 5 Pro 16IAH7
Lenovo Legion 5 Pro 16IAH7H
Lenovo Legion 5 Pro-16ITH6
Lenovo Legion 5 Pro-16ITH6H
Lenovo Legion 5-15ITH6
Lenovo Legion 5-15ITH6H
Lenovo Legion 5-17ITH6
Lenovo Legion 5-17ITH6H
Legion 7 16IAX7
Lenovo Legion 7-16ITHg6
Lenovo Legion S716IAH7
Lenovo S14 G2 ITL
Lenovo S14 G3 IAP
Lenovo Slim 7 14IAP7
Lenovo Slim 7 14IRP8
Lenovo Slim 7 Carbon 13IAP7
Lenovo Slim 7 Carbon 13IRP8
Lenovo Slim 7 ProX 14IAH7
Lenovo Slim 9 14IAP7
Lenovo V14 G3 IAP
Lenovo V15 G3 IAP
Lenovo V17 G3 IAP
ideapad S540-13ARE
ideapad S540-13ITL
Lenovo Slim 7 16IAH7
IdeaPad Slim 7 Pro-14IHU5
ideapad Slim 7-14ARE05
ideapad Slim 7-14ITL05
ideapad Slim 7-15ITL05
ThinkBook 13x ITG
ThinkBook 14 G2 ITL
ThinkBook 14 G3 ITL
ThinkBook 14 G4 IAP
ThinkBook 14 G4+ IAP
ThinkBook 14s Yoga G2 IAP
ThinkBook 14s Yoga ITL
ThinkBook 15 G2 ITL
ThinkBook 15 G3 ITL
ThinkBook 15 G4 IAP
ThinkBook 15P G2 ITH
ThinkBook 16 G4+ IAP
ThinkBook Plus G2 ITG
ThinkBook Plus G3 IAP
Lenovo V14 G2-ITL
Lenovo V14-ARE
Lenovo V15 G2-ITL
Lenovo V17 G2-ITL
Yoga 7 14IAL7
Yoga 7 16IAH7
IdeaPad Yoga 7 16IAP7
ideapad Yoga 7-14ITL5
ideapad Yoga 7-15ITL5
IdeaPad Yoga 9 14IAP7
Yoga 9 14IRP8
Yoga Duet 7-13IML05
Yoga Duet 7-13ITL6
Yoga Duet 7-13ITL6-LTE
Yoga Slim 6 14IAP8
Yoga Slim 6 14IRP8
Yoga Slim 7 Carbon 13IAP7
Yoga Slim 7 Carbon 13IRP8
ideapad Yoga Slim 7 Carbon 13ITL5
Yoga Slim 7 Pro 14IAH7
IdeaPad Yoga Slim 7 Pro 14IAP7
IdeaPad Yoga Slim 7 Pro 16IAH7
ideapad Yoga Slim 7 Pro-14IHU5
ideapad Yoga Slim 7 Pro-14IHU5 O
ideapad Yoga Slim 7 Pro-14ITL5
Yoga Slim 7 ProX 14IAH7
ideapad Yoga Slim 7-13ITL05
ideapad Yoga Slim 7-14ARE05
ideapad Yoga Slim 7-14ITL05
ideapad Yoga Slim 7-15ITL05
Yoga Slim 9 14IAP7
ideapad 3-14ITL05
ideapad 3-14ITL6
ideapad 3-15ITL05
ideapad 3-15ITL6
ideapad 5 Pro-14ITL6
ideapad 5 Pro-16IHU6
ideapad 5-15ARE05
Software vendor:
Lenovo

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Insyde BIOS code. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

The vendor plans to release patches in August 2023.

