CVE-2024-3100

Description

A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code.

Remediation

Solution:

  • Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-165524

Category

CVSS 3.1 score: 6.7
Severity: Medium
EPSS: 0.03%
Affected: Lenovo 100w Gen 3 Laptop (Lenovo) BIOS
Affected: Lenovo 100w Gen 4 Laptop (Lenovo) BIOS
Affected: Lenovo 13w Yoga (Type 82S1, 82S2) Laptop (Lenovo) BIOS
Affected: Lenovo 13w Yoga Gen 2 (Type 82YR, 82YS) Laptop (Lenovo) BIOS
Affected: Lenovo 14W Gen 2 Laptop (Lenovo) BIOS
Affected: Lenovo 300w Gen 3 Laptop (Lenovo) BIOS
Affected: Lenovo 300w Yoga Gen 4 Laptop (Lenovo) BIOS
Affected: Lenovo 500w Yoga Gen 4 Laptop (Lenovo) BIOS
Affected: Lenovo Flex 5-14ITL05 Laptop (ideapad) BIOS
Affected: Lenovo Flex 5-15ITL05 Laptop (ideapad) BIOS
Affected: Lenovo IdeaPad 1 14ALC7 Laptop BIOS
Affected: Lenovo IdeaPad 1 15ALC7 Laptop BIOS
Affected: Lenovo IdeaPad 1-11IGL05 Laptop BIOS
Affected: Lenovo IdeaPad 1-14IGL05 Laptop BIOS
Affected: Lenovo IdeaPad 3 14ABA7 Laptop BIOS
Affected: Lenovo IdeaPad 3 15ABA7 Laptop BIOS
Affected: Lenovo IdeaPad 3 17ABA7 Laptop BIOS
Affected: Lenovo IdeaPad 3-14ALC6 Laptop BIOS
Affected: Lenovo IdeaPad 3-15ALC6 Laptop BIOS
Affected: Lenovo IdeaPad 3-17ALC6 Laptop BIOS
Affected: Lenovo ideapad 5-15ALC05 Laptop BIOS
Affected: Lenovo IdeaPad Flex 5 14ABR8 BIOS
Affected: Lenovo IdeaPad Flex 5 14ALC7 Laptop BIOS
Affected: Lenovo IdeaPad Flex 5 14IAU7 Laptop BIOS
Affected: Lenovo IdeaPad Flex 5 14IRU8 BIOS
Affected: Lenovo IdeaPad Flex 5 16ABR8 BIOS
Affected: Lenovo IdeaPad Flex 5 16ALC7 BIOS
Affected: Lenovo IdeaPad Flex 5 16IAU7 BIOS
Affected: Lenovo IdeaPad Flex 5 16IRU8 BIOS
Affected: Lenovo IdeaPad Slim 3 14ABR8 BIOS
Affected: Lenovo IdeaPad Slim 3 14AMN8 BIOS
Affected: Lenovo IdeaPad Slim 3 15ABR8 BIOS
Affected: Lenovo IdeaPad Slim 3 15AMN8 BIOS
Affected: Lenovo IdeaPad Slim 3 16ABR8 BIOS
Affected: Lenovo IdeaPad Slim 5 Light 14ABR8 BIOS
Affected: Lenovo K14 G2 IRU BIOS
Affected: Lenovo Lenovo Flex 7 14IAU7 BIOS
Affected: Lenovo Lenovo Flex 7 14IRU8 BIOS
Affected: Lenovo Lenovo V14 G3 ABA Laptop BIOS
Affected: Lenovo Lenovo V14 G4 ABP BIOS
Affected: Lenovo Lenovo V14 G4 AMN BIOS
Affected: Lenovo Lenovo V15 G3 ABA Laptop BIOS
Affected: Lenovo Lenovo V15 G4 ABP BIOS
Affected: Lenovo Lenovo V15 G4 AMN BIOS
Affected: Lenovo ThinkBook 13s G4 ARB BIOS
Affected: Lenovo ThinkBook 13s G4 IAP BIOS
Affected: Lenovo ThinkBook 13x G2 IAP Laptop BIOS
Affected: Lenovo ThinkBook 14 G6 ABP BIOS
Affected: Lenovo ThinkBook 14 G6 IRL BIOS
Affected: Lenovo ThinkBook 16 G6 ABP BIOS
Affected: Lenovo ThinkBook 16 G6 IRL BIOS
Affected: Lenovo V14 G2-ALC Laptop (Lenovo) BIOS
Affected: Lenovo V15 G2-ALC Laptop (Lenovo) BIOS
Affected: Lenovo Yoga Slim 7 Pro-14ACH5 Laptop (ideapad) BIOS
Affected: Lenovo Yoga Slim 7 Pro-14ACH5 O Laptop (ideapad) BIOS
Published at:
Updated at:

References

Frequently Asked Questions

What is the severity of CVE-2024-3100?
CVE-2024-3100 has been scored as a medium severity vulnerability.
How to fix CVE-2024-3100?
To fix CVE-2024-3100: Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-165524
Is CVE-2024-3100 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2024-3100 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-3100?
CVE-2024-3100 affects Lenovo 100w Gen 3 Laptop (Lenovo) BIOS, Lenovo 100w Gen 4 Laptop (Lenovo) BIOS, Lenovo 13w Yoga (Type 82S1, 82S2) Laptop (Lenovo) BIOS, Lenovo 13w Yoga Gen 2 (Type 82YR, 82YS) Laptop (Lenovo) BIOS, Lenovo 14W Gen 2 Laptop (Lenovo) BIOS, Lenovo 300w Gen 3 Laptop (Lenovo) BIOS, Lenovo 300w Yoga Gen 4 Laptop (Lenovo) BIOS, Lenovo 500w Yoga Gen 4 Laptop (Lenovo) BIOS, Lenovo Flex 5-14ITL05 Laptop (ideapad) BIOS, Lenovo Flex 5-15ITL05 Laptop (ideapad) BIOS, Lenovo IdeaPad 1 14ALC7 Laptop BIOS, Lenovo IdeaPad 1 15ALC7 Laptop BIOS, Lenovo IdeaPad 1-11IGL05 Laptop BIOS, Lenovo IdeaPad 1-14IGL05 Laptop BIOS, Lenovo IdeaPad 3 14ABA7 Laptop BIOS, Lenovo IdeaPad 3 15ABA7 Laptop BIOS, Lenovo IdeaPad 3 17ABA7 Laptop BIOS, Lenovo IdeaPad 3-14ALC6 Laptop BIOS, Lenovo IdeaPad 3-15ALC6 Laptop BIOS, Lenovo IdeaPad 3-17ALC6 Laptop BIOS, Lenovo ideapad 5-15ALC05 Laptop BIOS, Lenovo IdeaPad Flex 5 14ABR8 BIOS, Lenovo IdeaPad Flex 5 14ALC7 Laptop BIOS, Lenovo IdeaPad Flex 5 14IAU7 Laptop BIOS, Lenovo IdeaPad Flex 5 14IRU8 BIOS, Lenovo IdeaPad Flex 5 16ABR8 BIOS, Lenovo IdeaPad Flex 5 16ALC7 BIOS, Lenovo IdeaPad Flex 5 16IAU7 BIOS, Lenovo IdeaPad Flex 5 16IRU8 BIOS, Lenovo IdeaPad Slim 3 14ABR8 BIOS, Lenovo IdeaPad Slim 3 14AMN8 BIOS, Lenovo IdeaPad Slim 3 15ABR8 BIOS, Lenovo IdeaPad Slim 3 15AMN8 BIOS, Lenovo IdeaPad Slim 3 16ABR8 BIOS, Lenovo IdeaPad Slim 5 Light 14ABR8 BIOS, Lenovo K14 G2 IRU BIOS, Lenovo Lenovo Flex 7 14IAU7 BIOS, Lenovo Lenovo Flex 7 14IRU8 BIOS, Lenovo Lenovo V14 G3 ABA Laptop BIOS, Lenovo Lenovo V14 G4 ABP BIOS, Lenovo Lenovo V14 G4 AMN BIOS, Lenovo Lenovo V15 G3 ABA Laptop BIOS, Lenovo Lenovo V15 G4 ABP BIOS, Lenovo Lenovo V15 G4 AMN BIOS, Lenovo ThinkBook 13s G4 ARB BIOS, Lenovo ThinkBook 13s G4 IAP BIOS, Lenovo ThinkBook 13x G2 IAP Laptop BIOS, Lenovo ThinkBook 14 G6 ABP BIOS, Lenovo ThinkBook 14 G6 IRL BIOS, Lenovo ThinkBook 16 G6 ABP BIOS, Lenovo ThinkBook 16 G6 IRL BIOS, Lenovo V14 G2-ALC Laptop (Lenovo) BIOS, Lenovo V15 G2-ALC Laptop (Lenovo) BIOS, Lenovo Yoga Slim 7 Pro-14ACH5 Laptop (ideapad) BIOS, Lenovo Yoga Slim 7 Pro-14ACH5 O Laptop (ideapad) BIOS.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.