Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-3843

A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Published

2021-11-12T22:15:08.580

Last Modified

2024-11-21T06:22:37.037

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-20
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	thinkpad_11e_3rd_gen_firmware	≤ 1.22	Yes
Hardware	lenovo	thinkpad_11e_3rd_gen	-	No
Operating System	lenovo	thinkpad_11e_3rd_gen_firmware	≤ 1.29	Yes
Hardware	lenovo	thinkpad_11e_3rd_gen	-	No
Operating System	lenovo	thinkpad_11e_4th_gen_i3_firmware	≤ 1.22	Yes
Hardware	lenovo	thinkpad_11e_4th_gen_i3	-	No
Operating System	lenovo	thinkpad_11e_4th_gen_i7_firmware	≤ 1.22	Yes
Hardware	lenovo	thinkpad_11e_4th_gen_i7	-	No
Operating System	lenovo	thinkpad_11e_4th_gen_i5_firmware	≤ 1.22	Yes
Hardware	lenovo	thinkpad_11e_4th_gen_i5	-	No
Operating System	lenovo	thinkpad_11e_4th_gen_celeron_firmware	≤ 1.27	Yes
Hardware	lenovo	thinkpad_11e_4th_gen_celeron	-	No
Operating System	lenovo	thinkpad_11e_yoga_gen_6_firmware	≤ 1.12	Yes
Hardware	lenovo	thinkpad_11e_yoga_gen_6	-	No
Operating System	lenovo	thinkpad_13_gen_2_firmware	≤ 1.29	Yes
Hardware	lenovo	thinkpad_13_gen_2	-	No
Operating System	lenovo	thinkpad_l13_firmware	≤ 1.31	Yes
Hardware	lenovo	thinkpad_l13	-	No
Operating System	lenovo	thinkpad_l13_gen_2_firmware	≤ 1.11	Yes
Hardware	lenovo	thinkpad_l13_gen_2	-	No
Operating System	lenovo	thinkpad_l13_gen_2_firmware	≤ 1.08	Yes
Hardware	lenovo	thinkpad_l13_gen_2	-	No
Operating System	lenovo	thinkpad_l13_yoga_firmware	≤ 1.31	Yes
Hardware	lenovo	thinkpad_l13_yoga	-	No
Operating System	lenovo	thinkpad_l13_yoga_gen_2_firmware	≤ 1.11	Yes
Hardware	lenovo	thinkpad_l13_yoga_gen_2	-	No
Operating System	lenovo	thinkpad_l13_yoga_gen_2_firmware	≤ 1.08	Yes
Hardware	lenovo	thinkpad_l13_yoga_gen_2	-	No
Operating System	lenovo	thinkpad_l14_gen_1_firmware	< 1.15	Yes
Hardware	lenovo	thinkpad_l14_gen_1	-	No
Operating System	lenovo	thinkpad_l14_firmware	< 1.20.1.17	Yes
Hardware	lenovo	thinkpad_l14	-	No
Operating System	lenovo	thinkpad_l15_gen_1_firmware	< 1.15	Yes
Hardware	lenovo	thinkpad_l15_gen_1	-	No
Operating System	lenovo	thinkpad_l15_firmware	< 1.20.1.17	Yes
Hardware	lenovo	thinkpad_l15	-	No
Operating System	lenovo	thinkpad_l380_firmware	≤ 1.26	Yes
Hardware	lenovo	thinkpad_l380	-	No
Operating System	lenovo	thinkpad_l380_yoga_firmware	≤ 1.26	Yes
Hardware	lenovo	thinkpad_l380_yoga	-	No
Operating System	lenovo	thinkpad_l390_yoga_firmware	≤ 1.35	Yes
Hardware	lenovo	thinkpad_l390_yoga	-	No
Operating System	lenovo	thinkpad_l390_firmware	≤ 1.35	Yes
Hardware	lenovo	thinkpad_l390	-	No
Operating System	lenovo	thinkpad_s5_2nd_gen_firmware	≤ 1.28	Yes
Hardware	lenovo	thinkpad_s5_2nd_gen	-	No
Operating System	lenovo	thinkpad_t460_firmware	≤ 1.43.1.11	Yes
Hardware	lenovo	thinkpad_t460	-	No
Operating System	lenovo	thinkpad_s2_gen_6_firmware	≤ 2021-09-30	Yes
Hardware	lenovo	thinkpad_s2_gen_6	-	No
Operating System	lenovo	thinkpad_s2_yoga_gen_6_firmware	≤ 2021-09-30	Yes
Hardware	lenovo	thinkpad_s2_yoga_gen_6	-	No
Operating System	lenovo	thinkpad_x12_detachable_gen_1_firmware	< 1.16	Yes
Hardware	lenovo	thinkpad_x12_detachable_gen_1	-	No
Operating System	lenovo	thinkpad_x260_firmware	≤ 1.47\/1.15	Yes
Hardware	lenovo	thinkpad_x260	-	No
Operating System	lenovo	thinkpad_x380_yoga_firmware	≤ 1.34	Yes
Hardware	lenovo	thinkpad_x380_yoga	-	No
Operating System	lenovo	thinkpad_x390_yoga_firmware	< n2let87w	Yes
Hardware	lenovo	thinkpad_x390_yoga	-	No
Operating System	lenovo	thinkpad_11e_5th_gen_firmware	≤ 1.13	Yes
Hardware	lenovo	thinkpad_11e_5th_gen	-	No
Operating System	lenovo	thinkpad_11e_5th_gen_firmware	≤ 1.13	Yes
Hardware	lenovo	thinkpad_yoga_370	-	No
Operating System	lenovo	thinkpad_x1_fold_gen_1_firmware	< n2pet50w	Yes
Hardware	lenovo	thinkpad_x1_fold_gen_1	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-72619 Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-72619 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)