CVE-2023-45075 : What You Need to Know

Discover the impacts of CVE-2023-45075 memory leakage vulnerability in Lenovo BIOS. Learn how to mitigate the issue and update your system firmware for enhanced security.

A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

Understanding CVE-2023-45075

This section provides detailed insights into the CVE-2023-45075 vulnerability.

What is CVE-2023-45075?

CVE-2023-45075 is a memory leakage vulnerability in the SWSMI_Shadow DXE driver that enables a local attacker with elevated privileges to modify NVRAM variables.

The Impact of CVE-2023-45075

This vulnerability could be exploited by a local attacker to tamper with NVRAM variables, potentially leading to unauthorized system changes and information disclosure.

Technical Details of CVE-2023-45075

In this section, we delve into the specifics of CVE-2023-45075.

Vulnerability Description

The vulnerability allows a local attacker with elevated privileges to write to NVRAM variables, posing a significant security risk to affected systems.

Affected Systems and Versions

Lenovo BIOS is affected by this vulnerability across various versions.

Exploitation Mechanism

Exploitation requires local access and high privileges. The attack complexity is low, and the availability impact is high.

Mitigation and Prevention

Learn how to address and prevent CVE-2023-45075 from impacting your systems.

Immediate Steps to Take

Users are advised to update their system firmware to the recommended version or newer as indicated in the advisory.

Long-Term Security Practices

Implement robust security measures and policies to safeguard against memory leakage vulnerabilities and unauthorized access.

Patching and Updates

Lenovo has addressed this vulnerability with a firmware update. Update system firmware to the version (or newer) indicated for your model in the Lenovo Security Advisory.
