Strix
26.1K

CVE-2023-45075

MEDIUMCVSS 6.7/10EPSS 0.22%

Last modified

CVE-2023-45075 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.. EPSS estimates a 0.22% chance of exploitation in the next 30 days.

Description

A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

Metrics

CVSS 3.1
6.7/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.22%

11.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
LenovoIdeacentre C5-14imb05 Firmware< o4hkt3ca
LenovoIdeacentre 3-07ada05 Firmware< o4fkt39a
LenovoIdeacentre 3-07imb05 Firmware< m2vkt21a
LenovoIdeacentre G5-14imb05 Firmware< o4hkt3ca
LenovoIdeacentre 5-14iob6 Firmware< m3gkt3da
LenovoIdeacentre Creator 5-14iob6 Firmware< m3gkt3da
LenovoIdeacentre G5-14amr05 Firmware< o4zkt2ba
LenovoIdeacentre Gaming 5-14iob6 Firmware< m3gkt3da
LenovoIdeacentre Mini 5 01iaq7 Firmware< o53kt10a
LenovoIdeacentre Mini 5-01imh05 Firmware< o4ekt1ba
LenovoLegion T7-34imz5 Firmware< o5fkt17a
LenovoThinkcentre M625q Firmware< m1wkt52a
LenovoThinkcentre M630e FirmwareAll versions
LenovoThinkcentre M70a Firmware< m2skt29a
LenovoThinkcentre M920z All-In-One Firmware< m1mkt56a
LenovoThinkcentre M920x Firmware< m1ukt72a
LenovoThinkcentre M920t Firmware< m1ukt72a
LenovoThinkcentre M920s Firmware< m1ukt72a
LenovoThinkcentre M920q Firmware< m1ukt72a
LenovoThinkcentre M90t Firmware< m2tkt55a
LenovoThinkcentre M90s Firmware< m2tkt55a
LenovoThinkcentre M90q Tiny Firmware< m2wkt5aa
LenovoThinkcentre M90a Firmware< m2rkt57a
LenovoThinkcentre M820z All-In-One Firmware< m1nkt62a
LenovoThinkcentre M80t Firmware< m2tkt55a
LenovoThinkcentre M80s Firmware< m2tkt55a
LenovoThinkcentre M80q Firmware< m2wkt5aa
LenovoThinkcentre M75t Gen 2 FirmwareAll versions
LenovoThinkcentre M75s Gen 2 FirmwareAll versions
LenovoThinkcentre M75q Gen 2 Firmware< m47kt30a
LenovoThinkcentre M75n Firmware< m33kt27a
LenovoThinkcentre M720t Firmware< m1ukt72a
LenovoThinkcentre M720s Firmware< m1ukt72a
LenovoThinkcentre M720q Firmware< m1ukt72a
LenovoThinkcentre M70t Firmware< m2tkt55a
LenovoThinkcentre M70s Firmware< m2tkt55a
LenovoThinkcentre M70q Firmware< m2wkt5aa
LenovoThinkcentre M70c Firmware< m2vkt21a
LenovoV50t-13iob G2 Firmware< m3gkt3da
LenovoV55t Gen 2 13acn Firmware< o5jkt23a
LenovoV50t-13imh Firmware< m4pkt13a
LenovoV50t-13imb Firmware< o4hkt3ca
LenovoV50s-07imb Firmware< m2vkt21a
LenovoV50a-24imb Firmware< m36kt32a
LenovoV50a-22imb Firmware< m36kt32a
LenovoV30a-24iml Firmware< m37kt31a
LenovoV30a-22iml Firmware< m37kt31a
LenovoThinkedge Se30 Firmware< m3fkt2da
LenovoThinkstation P920 Workstation FirmwareAll versions
LenovoThinkstation P720 Workstation FirmwareAll versions

Showing 50 of 62 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-45075?
A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
How severe is CVE-2023-45075?
CVE-2023-45075 has a CVSS score of 6.7/10 (MEDIUM severity). The EPSS model estimates a 0.22% probability of exploitation in the next 30 days.
How do I fix CVE-2023-45075?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-45075?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST