Description
A potential divide by zero vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to cause a Windows blue screen error.
Published: 2026-03-11
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via Blue Screen
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a divide‑by‑zero condition in the Lenovo Virtual Bus driver used by Smart Connect. The flaw allows a local authenticated user to trigger a Windows blue‑screen error, effectively crashing the system. This falls under CWE‑369, indicating a mathematical error that can be exploited by users with legitimate local credentials.

Affected Systems

The affected product is Lenovo Smart Connect, which runs on Windows. No specific build or revision numbers are listed in the CNA data; the CVE indicates that any installation of Smart Connect that includes the Lenovo Virtual Bus driver may be vulnerable. The vendor recommends updating to version 09.0.1.002.000, which resolves the issue.

Risk and Exploitability

The CVSS base score is 6.8, indicating a medium severity vulnerability. The EPSS score is less than 1%, suggesting low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Attackers require local authenticated access; once authenticated, they can trigger a blue‑screen crash by exercising the divide‑by‑zero condition. The impact is a denial of service that disrupts system availability, but there is no evidence of privilege escalation or data theft. Given the low EPSS, the immediate risk is moderate, but organizations should address it promptly to prevent potential local denial of service incidents.

Generated by OpenCVE AI on March 17, 2026 at 14:54 UTC.

Remediation

Vendor Solution

Update Smart Connect to version 09.0.1.002.000. Smart Connect is updated automatically.

OpenCVE Recommended Actions

  • Apply the official Lenovo Smart Connect update to version 09.0.1.002.000, which automatically resolves the vulnerability.
  • Verify that the update was successfully installed and that the Virtual Bus driver no longer contains the divide‑by‑zero condition (check component version or Lenovo support).
  • If immediate update cannot be deployed, isolate affected hosts from critical services and restrict local user privileges to mitigate potential DoS actions.

Generated by OpenCVE AI on March 17, 2026 at 14:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
Title Local Divide‑by‑Zero Vulnerability in Lenovo Smart Connect Virtual Bus Driver Causing Blue Screen

Thu, 12 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Description A potential divide by zero vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to cause a Windows blue screen error.
First Time appeared Lenovo
Lenovo smart Connect
Weaknesses CWE-369
CPEs cpe:2.3:a:lenovo:smart_connect:*:*:windows:*:*:*:*:*
Vendors & Products Lenovo
Lenovo smart Connect
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Lenovo Smart Connect
cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2026-03-12T16:18:44.904Z

Reserved: 2026-01-29T19:17:33.821Z

Link: CVE-2026-1653

cve-icon Vulnrichment

Updated: 2026-03-12T15:35:51.582Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-11T21:16:14.617

Modified: 2026-03-12T21:08:22.643

Link: CVE-2026-1653

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:37:13Z

Weaknesses