CVE-2023-45078

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Nov 8, 2023

Updated: Nov 16, 2023

CWE ID 125

Summary

CVE-2023-45078 is a memory leakage vulnerability affecting the DustFilterAlertSmm SMM driver. This issue allows local attackers with elevated privileges to write to NVRAM variables by exploiting the memory leakage. Successful exploitation could result in unauthorized modifications to the NVRAM data, potentially leading to serious system instability or unintended behavior. The vulnerability poses a significant risk to systems with the affected driver installed, and prompt patching is advised.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

ThinkCentre
Lenovo Legion T7-34imz5 Firmware
Lenovo IdeaCentre

Affected Vendors

Lenovo Companies

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s4r8tK
https://www.cve.org/CVERecord?id=CVE-2023-45078
https://nvd.nist.gov/vuln/detail/CVE-2023-45078

Back to Vulnerability Database