What is CVE-2023-4029?

CVE-2023-4029 is a medium-severity vulnerability in Lenovo Thinkpad, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 6.7/10. Published 2023-08-17.

How severe is CVE-2023-4029?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Buffer overflow in Lenovo Thinkpad

CVE-2023-4029

A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

Vulnerability class: Buffer Overflow

EPSS: 0.000 (13.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Lenovo Thinkpad — versions various

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

References

support.lenovo.com/us/en/product_security/LEN-134879

Frequently asked questions

What is CVE-2023-4029?: CVE-2023-4029 is a medium-severity vulnerability in Lenovo Thinkpad, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 6.7/10. Published 2023-08-17.
How severe is CVE-2023-4029?: Medium severity. CVSS v3 base score is 6.7 out of 10.