Description
A potential buffer overflow vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to corrupt memory and cause a Windows blue screen error.
Published: 2026-03-11
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (BSOD)
Action: Apply Patch
AI Analysis

Impact

A buffer overflow flaw exists in the Lenovo Virtual Bus driver component of Smart Connect. When exploited by a local authenticated user, the overflow can corrupt memory and trigger a Windows blue screen of death. This vulnerability is classified as CWE-122 (Buffer Copy without Checking Size or Boundary). The primary consequence is a denial of service through forced system crash, without known direct data compromise.

Affected Systems

The issue affects Lenovo Smart Connect installations on Windows using the Virtual Bus driver. All versions prior to the patched release 09.0.1.002.000 are considered vulnerable. The affected platform can be identified via the CPE string cpe:2.3:a:lenovo:smart_connect:*:*:windows:*:*:*:*:*.

Risk and Exploitability

With a CVSS score of 6.9 and an EPSS of less than 1%, the technical severity is moderate while the likelihood of exploitation is low. The vulnerability requires local, authenticated access and cannot be triggered remotely, thus limiting exposure. The issue is not present in the CISA Known Exploited Vulnerabilities catalog.

Generated by OpenCVE AI on March 17, 2026 at 14:54 UTC.

Remediation

Vendor Solution

Update Smart Connect to version 09.0.1.002.000. Smart Connect is updated automatically.

OpenCVE Recommended Actions

  • Update Smart Connect to version 09.0.1.002.000; the driver is updated automatically

Generated by OpenCVE AI on March 17, 2026 at 14:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Lenovo Smart Connect Virtual Bus Driver Causing Windows BSOD

Thu, 12 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Description A potential buffer overflow vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to corrupt memory and cause a Windows blue screen error.
First Time appeared Lenovo
Lenovo smart Connect
Weaknesses CWE-122
CPEs cpe:2.3:a:lenovo:smart_connect:*:*:windows:*:*:*:*:*
Vendors & Products Lenovo
Lenovo smart Connect
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Lenovo Smart Connect
cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2026-03-12T16:18:51.456Z

Reserved: 2026-01-29T19:17:33.220Z

Link: CVE-2026-1652

cve-icon Vulnrichment

Updated: 2026-03-12T15:35:52.858Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-11T21:16:14.427

Modified: 2026-03-12T21:08:22.643

Link: CVE-2026-1652

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:37:14Z

Weaknesses