| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.5 | $0-$5k | 0.00 |
Summary
A vulnerability classified as critical has been found in Lenovo 100w Gen 3 Laptop BIOS, 100w Gen 4 Laptop BIOS, 13w Yoga Laptop BIOS, 13w Yoga Gen 2 (Type 82YR, 82YS) Laptop BIOS, 14W Gen 2 Laptop BIOS, 300w Gen 3 Laptop BIOS, 300w Yoga Gen 4 Laptop BIOS, 500w Yoga Gen 4 Laptop BIOS, Flex 5-14ITL05 Laptop (ideapad) BIOS, Flex 5-15ITL05 Laptop (ideapad) BIOS, IdeaPad 1 14ALC7 Laptop BIOS, IdeaPad 1 15ALC7 Laptop BIOS, IdeaPad 1-11IGL05 Laptop BIOS, IdeaPad 1-14IGL05 Laptop BIOS, IdeaPad 3 14ABA7 Laptop BIOS, IdeaPad 3 15ABA7 Laptop BIOS, IdeaPad 3 17ABA7 Laptop BIOS, IdeaPad 3-14ALC6 Laptop BIOS, IdeaPad 3-15ALC6 Laptop BIOS, IdeaPad 3-17ALC6 Laptop BIOS, ideapad 5-15ALC05 Laptop BIOS, IdeaPad Flex 5 14ABR8 BIOS, IdeaPad Flex 5 14ALC7 Laptop BIOS, IdeaPad Flex 5 14IAU7 Laptop BIOS, IdeaPad Flex 5 14IRU8 BIOS, IdeaPad Flex 5 16ABR8 BIOS, IdeaPad Flex 5 16ALC7 BIOS, IdeaPad Flex 5 16IAU7 BIOS, IdeaPad Flex 5 16IRU8 BIOS, IdeaPad Slim 3 14ABR8 BIOS, IdeaPad Slim 3 14AMN8 BIOS, IdeaPad Slim 3 15ABR8 BIOS, IdeaPad Slim 3 15AMN8 BIOS, IdeaPad Slim 3 16ABR8 BIOS, IdeaPad Slim 5 Light 14ABR8 BIOS, K14 G2 IRU BIOS, Flex 7 14IAU7 BIOS, Flex 7 14IRU8 BIOS, V14 G3 ABA Laptop BIOS, V14 G4 ABP BIOS, V14 G4 AMN BIOS, V15 G3 ABA Laptop BIOS, V15 G4 ABP BIOS, V15 G4 AMN BIOS, ThinkBook 13s G4 ARB BIOS, ThinkBook 13s G4 IAP BIOS, ThinkBook 13x G2 IAP Laptop BIOS, ThinkBook 14 G6 ABP BIOS, ThinkBook 14 G6 IRL BIOS, ThinkBook 16 G6 ABP BIOS, ThinkBook 16 G6 IRL BIOS, V14 G2-ALC Laptop BIOS, V15 G2-ALC Laptop BIOS, Yoga Slim 7 Pro-14ACH5 Laptop BIOS and Yoga Slim 7 Pro-14ACH5 O Laptop BIOS. This issue affects some unknown processing. Performing a manipulation results in stack-based overflow. This vulnerability is cataloged as CVE-2024-3100. The attack must be initiated from a local position. There is no exploit available. It is recommended to upgrade the affected component.
Details
A vulnerability classified as critical has been found in Lenovo 100w Gen 3 Laptop BIOS, 100w Gen 4 Laptop BIOS, 13w Yoga Laptop BIOS, 13w Yoga Gen 2 (Type 82YR, 82YS) Laptop BIOS, 14W Gen 2 Laptop BIOS, 300w Gen 3 Laptop BIOS, 300w Yoga Gen 4 Laptop BIOS, 500w Yoga Gen 4 Laptop BIOS, Flex 5-14ITL05 Laptop (ideapad) BIOS, Flex 5-15ITL05 Laptop (ideapad) BIOS, IdeaPad 1 14ALC7 Laptop BIOS, IdeaPad 1 15ALC7 Laptop BIOS, IdeaPad 1-11IGL05 Laptop BIOS, IdeaPad 1-14IGL05 Laptop BIOS, IdeaPad 3 14ABA7 Laptop BIOS, IdeaPad 3 15ABA7 Laptop BIOS, IdeaPad 3 17ABA7 Laptop BIOS, IdeaPad 3-14ALC6 Laptop BIOS, IdeaPad 3-15ALC6 Laptop BIOS, IdeaPad 3-17ALC6 Laptop BIOS, ideapad 5-15ALC05 Laptop BIOS, IdeaPad Flex 5 14ABR8 BIOS, IdeaPad Flex 5 14ALC7 Laptop BIOS, IdeaPad Flex 5 14IAU7 Laptop BIOS, IdeaPad Flex 5 14IRU8 BIOS, IdeaPad Flex 5 16ABR8 BIOS, IdeaPad Flex 5 16ALC7 BIOS, IdeaPad Flex 5 16IAU7 BIOS, IdeaPad Flex 5 16IRU8 BIOS, IdeaPad Slim 3 14ABR8 BIOS, IdeaPad Slim 3 14AMN8 BIOS, IdeaPad Slim 3 15ABR8 BIOS, IdeaPad Slim 3 15AMN8 BIOS, IdeaPad Slim 3 16ABR8 BIOS, IdeaPad Slim 5 Light 14ABR8 BIOS, K14 G2 IRU BIOS, Flex 7 14IAU7 BIOS, Flex 7 14IRU8 BIOS, V14 G3 ABA Laptop BIOS, V14 G4 ABP BIOS, V14 G4 AMN BIOS, V15 G3 ABA Laptop BIOS, V15 G4 ABP BIOS, V15 G4 AMN BIOS, ThinkBook 13s G4 ARB BIOS, ThinkBook 13s G4 IAP BIOS, ThinkBook 13x G2 IAP Laptop BIOS, ThinkBook 14 G6 ABP BIOS, ThinkBook 14 G6 IRL BIOS, ThinkBook 16 G6 ABP BIOS, ThinkBook 16 G6 IRL BIOS, V14 G2-ALC Laptop BIOS, V15 G2-ALC Laptop BIOS, Yoga Slim 7 Pro-14ACH5 Laptop BIOS and Yoga Slim 7 Pro-14ACH5 O Laptop BIOS. This affects some unknown processing. The manipulation with an unknown input leads to a stack-based overflow vulnerability. CWE is classifying the issue as CWE-121. A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code.
It is possible to read the advisory at support.lenovo.com. This vulnerability is uniquely identified as CVE-2024-3100 since 03/29/2024. The exploitability is told to be easy. Attacking locally is a requirement. Additional levels of successful authentication are needed for exploitation. The technical details are unknown and an exploit is not publicly available.
Upgrading eliminates this vulnerability.
Be aware that VulDB is the high quality source for vulnerability data.
Product
Vendor
Name
- 13w Yoga Gen 2 (Type 82YR
- 13w Yoga Laptop BIOS
- 14W Gen 2 Laptop BIOS
- 82YS) Laptop BIOS
- 100w Gen 3 Laptop BIOS
- 100w Gen 4 Laptop BIOS
- 300w Gen 3 Laptop BIOS
- 300w Yoga Gen 4 Laptop BIOS
- 500w Yoga Gen 4 Laptop BIOS
- Flex 5-14ITL05 Laptop (ideapad) BIOS
- Flex 5-15ITL05 Laptop (ideapad) BIOS
- Flex 7 14IAU7 BIOS
- Flex 7 14IRU8 BIOS
- IdeaPad 1 14ALC7 Laptop BIOS
- IdeaPad 1 15ALC7 Laptop BIOS
- IdeaPad 1-11IGL05 Laptop BIOS
- IdeaPad 1-14IGL05 Laptop BIOS
- IdeaPad 3 14ABA7 Laptop BIOS
- IdeaPad 3 15ABA7 Laptop BIOS
- IdeaPad 3 17ABA7 Laptop BIOS
- IdeaPad 3-14ALC6 Laptop BIOS
- IdeaPad 3-15ALC6 Laptop BIOS
- IdeaPad 3-17ALC6 Laptop BIOS
- ideapad 5-15ALC05 Laptop BIOS
- IdeaPad Flex 5 14ABR8 BIOS
- IdeaPad Flex 5 14ALC7 Laptop BIOS
- IdeaPad Flex 5 14IAU7 Laptop BIOS
- IdeaPad Flex 5 14IRU8 BIOS
- IdeaPad Flex 5 16ABR8 BIOS
- IdeaPad Flex 5 16ALC7 BIOS
- IdeaPad Flex 5 16IAU7 BIOS
- IdeaPad Flex 5 16IRU8 BIOS
- IdeaPad Slim 3 14ABR8 BIOS
- IdeaPad Slim 3 14AMN8 BIOS
- IdeaPad Slim 3 15ABR8 BIOS
- IdeaPad Slim 3 15AMN8 BIOS
- IdeaPad Slim 3 16ABR8 BIOS
- IdeaPad Slim 5 Light 14ABR8 BIOS
- K14 G2 IRU BIOS
- ThinkBook 13s G4 ARB BIOS
- ThinkBook 13s G4 IAP BIOS
- ThinkBook 13x G2 IAP Laptop BIOS
- ThinkBook 14 G6 ABP BIOS
- ThinkBook 14 G6 IRL BIOS
- ThinkBook 16 G6 ABP BIOS
- ThinkBook 16 G6 IRL BIOS
- V14 G2-ALC Laptop BIOS
- V14 G3 ABA Laptop BIOS
- V14 G4 ABP BIOS
- V14 G4 AMN BIOS
- V15 G2-ALC Laptop BIOS
- V15 G3 ABA Laptop BIOS
- V15 G4 ABP BIOS
- V15 G4 AMN BIOS
- Yoga Slim 7 Pro-14ACH5 Laptop BIOS
- Yoga Slim 7 Pro-14ACH5 O Laptop BIOS
License
Website
- Vendor: https://www.lenovo.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.7VulDB Meta Temp Score: 6.6
VulDB Base Score: 6.7
VulDB Temp Score: 6.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 6.7
CNA Vector (lenovo): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Stack-based overflowCWE: CWE-121 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
03/29/2024 🔍09/13/2024 🔍
09/13/2024 🔍
09/13/2024 🔍
Sources
Vendor: lenovo.comAdvisory: support.lenovo.com
Status: Confirmed
CVE: CVE-2024-3100 (🔍)
GCVE (CVE): GCVE-0-2024-3100
GCVE (VulDB): GCVE-100-277479
Entry
Created: 09/13/2024 20:52Changes: 09/13/2024 20:52 (61)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.