CVE-2023-34419

Name: CVE-2023-34419
Creator: NVD / NIST
Published: 2023-08-17T17:15:09.913+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.7/10EPSS 0.18%

Last modified Jun 17, 2026

CVE-2023-34419 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.. EPSS estimates a 0.18% chance of exploitation in the next 30 days.

Description

A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

Metrics

CVSS 3.1

6.7/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.18%

8.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-120

Affected Software

Vendor	Product	Versions
Lenovo	Legion 5 Pro 16iah7h Firmware	< j2cn51ww
Lenovo	Legion 5 Pro 16iah7 Firmware	< j2cn51ww
Lenovo	Legion 5 Pro 16arh7 Firmware	All versions
Lenovo	Legion 5 Pro 16arh7h Firmware	All versions
Lenovo	Legion 5 15arh7 Firmware	All versions
Lenovo	Legion 5 15arh7h Firmware	All versions
Lenovo	Legion 5 15iah7h Firmware	< j2cn51ww
Lenovo	Legion 5 15iah7 Firmware	< j2cn51ww
Lenovo	Legion 5 Pro-16ach6 Firmware	All versions
Lenovo	Legion 5 Pro-16ach6h Firmware	All versions
Lenovo	Legion 5 Pro-16ith6 Firmware	All versions
Lenovo	Legion 5 Pro-16ith6h Firmware	All versions
Lenovo	Legion 5-15ach6 Firmware	All versions
Lenovo	Legion 5-15ach6a Firmware	All versions
Lenovo	Legion 5-15ach6h Firmware	All versions
Lenovo	Legion 5-15ith6 Firmware	All versions
Lenovo	Legion 5-15ith6h Firmware	All versions
Lenovo	Legion 5-17ach6 Firmware	All versions
Lenovo	Legion 5-17ach6h Firmware	All versions
Lenovo	Legion 5-17ith6 Firmware	All versions
Lenovo	Legion 5-17ith6h Firmware	All versions
Lenovo	Legion 7-16arha7 Firmware	All versions
Lenovo	Legion 7-16achg6 Firmware	All versions
Lenovo	Legion 7-16ithg6 Firmware	All versions
Lenovo	Legion Pro 5 16irx8 Firmware	< kwcn37ww
Lenovo	Legion Pro 7 16irx8 Firmware	< kwcn37ww
Lenovo	Legion Pro 7 16irx8h Firmware	< kwcn37ww
Lenovo	Legion S7 16arha7 Firmware	All versions
Lenovo	Thinkbook 16p G3 Arh Firmware	All versions
Lenovo	Thinkbook 15p G2 Ith Firmware	All versions

References

https://support.lenovo.com/us/en/product_security/LEN-134879Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-134879Vendor Advisory

Timeline

Published: Aug 17, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-34419?

A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

How severe is CVE-2023-34419?

CVE-2023-34419 has a CVSS score of 6.7/10 (MEDIUM severity). The EPSS model estimates a 0.18% probability of exploitation in the next 30 days.

How do I fix CVE-2023-34419?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-34419?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST