CVE & CISA-KEV Catalog

CVE-2023-45075

MEDIUM
6.7
CVSS v3
NVD

Description

A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

How to fix

Remediation Available
ideacentre 3-07ada05 firmwareNVD
Affected:< o4fkt39aFixed in:o4fkt39aCVE-2023-45075derived from NVD
ideacentre 3-07imb05 firmwareNVD
Affected:< m2vkt21aFixed in:m2vkt21aCVE-2023-45075derived from NVD
ideacentre 5-14iob6 firmwareNVD
Affected:< m3gkt3daFixed in:m3gkt3daCVE-2023-45075derived from NVD
ideacentre c5-14imb05 firmwareNVD
Affected:< o4hkt3caFixed in:o4hkt3caCVE-2023-45075derived from NVD
ideacentre creator 5-14iob6 firmwareNVD
Affected:< m3gkt3daFixed in:m3gkt3daCVE-2023-45075derived from NVD
ideacentre g5-14amr05 firmwareNVD
Affected:< o4zkt2baFixed in:o4zkt2baCVE-2023-45075derived from NVD
ideacentre g5-14imb05 firmwareNVD
Affected:< o4hkt3caFixed in:o4hkt3caCVE-2023-45075derived from NVD
ideacentre gaming 5-14iob6 firmwareNVD
Affected:< m3gkt3daFixed in:m3gkt3daCVE-2023-45075derived from NVD
ideacentre mini 5-01imh05 firmwareNVD
Affected:< o4ekt1baFixed in:o4ekt1baCVE-2023-45075derived from NVD
ideacentre mini 5 01iaq7 firmwareNVD
Affected:< o53kt10aFixed in:o53kt10aCVE-2023-45075derived from NVD
legion t7-34imz5 firmwareNVD
Affected:< o5fkt17aFixed in:o5fkt17aCVE-2023-45075derived from NVD
thinkcentre m625q firmwareNVD
Affected:< m1wkt52aFixed in:m1wkt52aCVE-2023-45075derived from NVD
thinkcentre m70a firmwareNVD
Affected:< m2skt29aFixed in:m2skt29aCVE-2023-45075derived from NVD
thinkcentre m70c firmwareNVD
Affected:< m2vkt21aFixed in:m2vkt21aCVE-2023-45075derived from NVD
thinkcentre m70q firmwareNVD
Affected:< m2wkt5aaFixed in:m2wkt5aaCVE-2023-45075derived from NVD
thinkcentre m70s firmwareNVD
Affected:< m2tkt55aFixed in:m2tkt55aCVE-2023-45075derived from NVD
thinkcentre m70t firmwareNVD
Affected:< m2tkt55aFixed in:m2tkt55aCVE-2023-45075derived from NVD
thinkcentre m720q firmwareNVD
Affected:< m1ukt72aFixed in:m1ukt72aCVE-2023-45075derived from NVD
thinkcentre m720s firmwareNVD
Affected:< m1ukt72aFixed in:m1ukt72aCVE-2023-45075derived from NVD
thinkcentre m720t firmwareNVD
Affected:< m1ukt72aFixed in:m1ukt72aCVE-2023-45075derived from NVD
thinkcentre m75n firmwareNVD
Affected:< m33kt27aFixed in:m33kt27aCVE-2023-45075derived from NVD
thinkcentre m75q gen 2 firmwareNVD
Affected:< m47kt30aFixed in:m47kt30aCVE-2023-45075derived from NVD
thinkcentre m80q firmwareNVD
Affected:< m2wkt5aaFixed in:m2wkt5aaCVE-2023-45075derived from NVD
thinkcentre m80s firmwareNVD
Affected:< m2tkt55aFixed in:m2tkt55aCVE-2023-45075derived from NVD
thinkcentre m80t firmwareNVD
Affected:< m2tkt55aFixed in:m2tkt55aCVE-2023-45075derived from NVD
thinkcentre m820z all-in-one firmwareNVD
Affected:< m1nkt62aFixed in:m1nkt62aCVE-2023-45075derived from NVD
thinkcentre m90a firmwareNVD
Affected:< m2rkt57aFixed in:m2rkt57aCVE-2023-45075derived from NVD
thinkcentre m90q tiny firmwareNVD
Affected:< m2wkt5aaFixed in:m2wkt5aaCVE-2023-45075derived from NVD
thinkcentre m90s firmwareNVD
Affected:< m2tkt55aFixed in:m2tkt55aCVE-2023-45075derived from NVD
thinkcentre m90t firmwareNVD
Affected:< m2tkt55aFixed in:m2tkt55aCVE-2023-45075derived from NVD
thinkcentre m920q firmwareNVD
Affected:< m1ukt72aFixed in:m1ukt72aCVE-2023-45075derived from NVD
thinkcentre m920s firmwareNVD
Affected:< m1ukt72aFixed in:m1ukt72aCVE-2023-45075derived from NVD
thinkcentre m920t firmwareNVD
Affected:< m1ukt72aFixed in:m1ukt72aCVE-2023-45075derived from NVD
thinkcentre m920x firmwareNVD
Affected:< m1ukt72aFixed in:m1ukt72aCVE-2023-45075derived from NVD
thinkcentre m920z all-in-one firmwareNVD
Affected:< m1mkt56aFixed in:m1mkt56aCVE-2023-45075derived from NVD
thinkedge se30 firmwareNVD
Affected:< m3fkt2daFixed in:m3fkt2daCVE-2023-45075derived from NVD
thinkstation p320 workstation firmwareNVD
Affected:< s06kt64aFixed in:s06kt64aCVE-2023-45075derived from NVD
thinkstation p330 tiny workstation firmwareNVD
Affected:< m1ukt72aFixed in:m1ukt72aCVE-2023-45075derived from NVD
thinkstation p330 workstation 2nd gen firmwareNVD
Affected:< m1vkt72aFixed in:m1vkt72aCVE-2023-45075derived from NVD
thinkstation p330 workstation firmwareNVD
Affected:< m1vkt72aFixed in:m1vkt72aCVE-2023-45075derived from NVD
thinkstation p340 tiny workstation firmwareNVD
Affected:< m2wkt5aaFixed in:m2wkt5aaCVE-2023-45075derived from NVD
thinkstation p340 workstation firmwareNVD
Affected:< s08kt55aFixed in:s08kt55aCVE-2023-45075derived from NVD
thinkstation p348 workstation firmwareNVD
Affected:< m3kkt3baFixed in:m3kkt3baCVE-2023-45075derived from NVD
thinkstation p360 workstation firmwareNVD
Affected:< s0ekt45aFixed in:s0ekt45aCVE-2023-45075derived from NVD
v30a-22iml firmwareNVD
Affected:< m37kt31aFixed in:m37kt31aCVE-2023-45075derived from NVD
v30a-24iml firmwareNVD
Affected:< m37kt31aFixed in:m37kt31aCVE-2023-45075derived from NVD
v50a-22imb firmwareNVD
Affected:< m36kt32aFixed in:m36kt32aCVE-2023-45075derived from NVD
v50a-24imb firmwareNVD
Affected:< m36kt32aFixed in:m36kt32aCVE-2023-45075derived from NVD
v50s-07imb firmwareNVD
Affected:< m2vkt21aFixed in:m2vkt21aCVE-2023-45075derived from NVD
v50t-13imb firmwareNVD
Affected:< o4hkt3caFixed in:o4hkt3caCVE-2023-45075derived from NVD
v50t-13imh firmwareNVD
Affected:< m4pkt13aFixed in:m4pkt13aCVE-2023-45075derived from NVD
v50t-13iob g2 firmwareNVD
Affected:< m3gkt3daFixed in:m3gkt3daCVE-2023-45075derived from NVD
v55t gen 2 13acn firmwareNVD
Affected:< o5jkt23aFixed in:o5jkt23aCVE-2023-45075derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

0.22%probability of exploitation in 30 days
12thpercentile

Low risk: more likely to be exploited than 12% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-125 (Out-of-bounds Read) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2014-0160High7.5100%KEVFix
CVE-2025-5777High7.5100%KEV + RansomFix
CVE-2021-4034High7.895%KEVFix
CVE-2023-21769High7.592%-Fix
CVE-2023-49285High8.689%-Fix
CVE-2020-8794Critical9.889%-Fix
Embed a live status badge for CVE-2023-45075
CVE-2023-45075 severity badge

Markdown

[![CVE-2023-45075](https://tridentstack.com/cve/badge/CVE-2023-45075.svg)](https://tridentstack.com/cve/CVE-2023-45075)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-45075"><img src="https://tridentstack.com/cve/badge/CVE-2023-45075.svg" alt="CVE-2023-45075"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.