SARA / Free Tools / CVE / CVE-2024-3100

CVE-2024-3100 — A potential buffer overflow vulnerability was reported in some Lenovo Notebook p

A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code.

CVSS

6.7 MEDIUM

EPSS

10.00% (top 71.90%)

CWE

CWE-121

Published

2024-09-13T17:26:33.357Z

Last modified

2024-09-17T14:38:51.949Z

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

01What is this vulnerability?

A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code.

02Affected products

Vendor	Product	Versions
Lenovo	100w Gen 3 Laptop (Lenovo) BIOS	0
Lenovo	100w Gen 4 Laptop (Lenovo) BIOS	0
Lenovo	13w Yoga (Type 82S1, 82S2) Laptop (Lenovo) BIOS	0
Lenovo	13w Yoga Gen 2 (Type 82YR, 82YS) Laptop (Lenovo) BIOS	0
Lenovo	14W Gen 2 Laptop (Lenovo) BIOS	0
Lenovo	300w Gen 3 Laptop (Lenovo) BIOS	0
Lenovo	300w Yoga Gen 4 Laptop (Lenovo) BIOS	0
Lenovo	500w Yoga Gen 4 Laptop (Lenovo) BIOS	0
Lenovo	Flex 5	14ITL05 Laptop (ideapad) BIOS — 0
Lenovo	Flex 5	15ITL05 Laptop (ideapad) BIOS — 0
Lenovo	IdeaPad 1 14ALC7 Laptop BIOS	0
Lenovo	IdeaPad 1 15ALC7 Laptop BIOS	0
Lenovo	IdeaPad 1	11IGL05 Laptop BIOS — 0
Lenovo	IdeaPad 1	14IGL05 Laptop BIOS — 0
Lenovo	IdeaPad 3 14ABA7 Laptop BIOS	0
Lenovo	IdeaPad 3 15ABA7 Laptop BIOS	0
Lenovo	IdeaPad 3 17ABA7 Laptop BIOS	0
Lenovo	IdeaPad 3	14ALC6 Laptop BIOS — 0
Lenovo	IdeaPad 3	15ALC6 Laptop BIOS — 0
Lenovo	IdeaPad 3	17ALC6 Laptop BIOS — 0
Lenovo	ideapad 5	15ALC05 Laptop BIOS — 0
Lenovo	IdeaPad Flex 5 14ABR8 BIOS	0
Lenovo	IdeaPad Flex 5 14ALC7 Laptop BIOS	0
Lenovo	IdeaPad Flex 5 14IAU7 Laptop BIOS	0
Lenovo	IdeaPad Flex 5 14IRU8 BIOS	0
Lenovo	IdeaPad Flex 5 16ABR8 BIOS	0
Lenovo	IdeaPad Flex 5 16ALC7 BIOS	0
Lenovo	IdeaPad Flex 5 16IAU7 BIOS	0
Lenovo	IdeaPad Flex 5 16IRU8 BIOS	0
Lenovo	IdeaPad Slim 3 14ABR8 BIOS	0
Lenovo	IdeaPad Slim 3 14AMN8 BIOS	0
Lenovo	IdeaPad Slim 3 15ABR8 BIOS	0
Lenovo	IdeaPad Slim 3 15AMN8 BIOS	0
Lenovo	IdeaPad Slim 3 16ABR8 BIOS	0
Lenovo	IdeaPad Slim 5 Light 14ABR8 BIOS	0
Lenovo	K14 G2 IRU BIOS	0
Lenovo	Lenovo Flex 7 14IAU7 BIOS	0
Lenovo	Lenovo Flex 7 14IRU8 BIOS	0
Lenovo	Lenovo V14 G3 ABA Laptop BIOS	0
Lenovo	Lenovo V14 G4 ABP BIOS	0
Lenovo	Lenovo V14 G4 AMN BIOS	0
Lenovo	Lenovo V15 G3 ABA Laptop BIOS	0
Lenovo	Lenovo V15 G4 ABP BIOS	0
Lenovo	Lenovo V15 G4 AMN BIOS	0
Lenovo	ThinkBook 13s G4 ARB BIOS	0
Lenovo	ThinkBook 13s G4 IAP BIOS	0
Lenovo	ThinkBook 13x G2 IAP Laptop BIOS	0
Lenovo	ThinkBook 14 G6 ABP BIOS	0
Lenovo	ThinkBook 14 G6 IRL BIOS	0
Lenovo	ThinkBook 16 G6 ABP BIOS	0

03Active exploitation status

Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.

04Recommended remediation

Patch to a fixed version listed in the vendor advisory (see references below).
Mitigate with WAF rules, network egress filters, or feature flags where the patch is not yet available.
Hunt historical logs for exploitation indicators — see Detection signatures below.

05Technical details

For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.

06Detection signatures

Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:

Open in Sigma generator →

07Related CVEs

No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.

08Timeline

Published: 2024-09-13T17:26:33.357Z
Last modified: 2024-09-17T14:38:51.949Z

09References

support.lenovo.com — https://support.lenovo.com/us/en/product_security/LEN-165524

Want this in your SOAR or SIEM?
SARA's API returns EPSS, CVSS, KEV, and an analyst-grade summary in one call.

Read the API reference →

EPSS detail → Search KEV → Ask SARA →