Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-3719

A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Published

2021-11-12T22:15:07.957

Last Modified

2024-11-21T06:22:14.657

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-20
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	thinkcentre_e93_firmware	< fbktdfa	Yes
Hardware	lenovo	thinkcentre_e93	-	No
Operating System	lenovo	thinkcentre_m600_firmware	< m00kt65a	Yes
Hardware	lenovo	thinkcentre_m600	-	No
Operating System	lenovo	thinkcentre_m700_tiny_firmware	< fwktb9a	Yes
Hardware	lenovo	thinkcentre_m700_tiny	-	No
Operating System	lenovo	thinkcentre_m73_firmware	< fhkt86a	Yes
Hardware	lenovo	thinkcentre_m73	-	No
Operating System	lenovo	thinkcentre_m73p_firmware	< fbktdfa	Yes
Hardware	lenovo	thinkcentre_m73p	-	No
Operating System	lenovo	thinkcentre_m800_firmware	< fwktb9a	Yes
Hardware	lenovo	thinkcentre_m800	-	No
Operating System	lenovo	thinkcentre_m818z_firmware	< m1ekt23a	Yes
Hardware	lenovo	thinkcentre_m818z	-	No
Operating System	lenovo	thinkcentre_m83_firmware	< fbktdfa	Yes
Hardware	lenovo	thinkcentre_m83	-	No
Operating System	lenovo	thinkcentre_m900_firmware	< fwktb9a	Yes
Hardware	lenovo	thinkcentre_m900	-	No
Operating System	lenovo	thinkcentre_m900x_firmware	< fwktb9a	Yes
Hardware	lenovo	thinkcentre_m900x	-	No
Operating System	lenovo	thinkcentre_m93_firmware	< fbktdfa	Yes
Hardware	lenovo	thinkcentre_m93	-	No
Operating System	lenovo	thinkcentre_m93p_firmware	< fbktdfa	Yes
Hardware	lenovo	thinkcentre_m93p	-	No
Operating System	lenovo	thinkcentre_m4500q_firmware	< fhkt86a	Yes
Hardware	lenovo	thinkcentre_m4500q	-	No
Operating System	lenovo	thinkcentre_m6500t\/s_firmware	< fbktdfa	Yes
Hardware	lenovo	thinkcentre_m6500t\/s	-	No
Operating System	lenovo	thinkcentre_m8500t\/s_firmware	< fbktdfa	Yes
Hardware	lenovo	thinkcentre_m8500t\/s	-	No
Operating System	lenovo	thinkcentre_x1_firmware	< m0hkt50a	Yes
Hardware	lenovo	thinkcentre_x1	-	No
Operating System	lenovo	thinkstation_p300_firmware	< fbktdfa	Yes
Hardware	lenovo	thinkstation_p300	-	No
Operating System	lenovo	thinkstation_p500_firmware	< a4ktaba	Yes
Hardware	lenovo	thinkstation_p500	-	No
Operating System	lenovo	thinkstation_p700_firmware	< a5ktaba	Yes
Hardware	lenovo	thinkstation_p700	-	No
Operating System	lenovo	thinkstation_p900_firmware	< a6ktaba	Yes
Hardware	lenovo	thinkstation_p900	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-67440 Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-67440 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)