Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-3843

A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.7, requiring local system access to exploit with relatively low complexity without requiring user interaction . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 59 products from lenovo, from lenovo, from lenovo and 56 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2021, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2021-11-12T22:15:08.580

Last Modified

2024-11-21T06:22:37.037

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-20
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	thinkpad_11e_3rd_gen_firmware	≤ 1.22	Yes
Hardware	lenovo	thinkpad_11e_3rd_gen	-	No
Operating System	lenovo	thinkpad_11e_3rd_gen_firmware	≤ 1.29	Yes
Hardware	lenovo	thinkpad_11e_3rd_gen	-	No
Operating System	lenovo	thinkpad_11e_4th_gen_i3_firmware	≤ 1.22	Yes
Hardware	lenovo	thinkpad_11e_4th_gen_i3	-	No
Operating System	lenovo	thinkpad_11e_4th_gen_i7_firmware	≤ 1.22	Yes
Hardware	lenovo	thinkpad_11e_4th_gen_i7	-	No
Operating System	lenovo	thinkpad_11e_4th_gen_i5_firmware	≤ 1.22	Yes
Hardware	lenovo	thinkpad_11e_4th_gen_i5	-	No
Operating System	lenovo	thinkpad_11e_4th_gen_celeron_firmware	≤ 1.27	Yes
Hardware	lenovo	thinkpad_11e_4th_gen_celeron	-	No
Operating System	lenovo	thinkpad_11e_yoga_gen_6_firmware	≤ 1.12	Yes
Hardware	lenovo	thinkpad_11e_yoga_gen_6	-	No
Operating System	lenovo	thinkpad_13_gen_2_firmware	≤ 1.29	Yes
Hardware	lenovo	thinkpad_13_gen_2	-	No
Operating System	lenovo	thinkpad_l13_firmware	≤ 1.31	Yes
Hardware	lenovo	thinkpad_l13	-	No
Operating System	lenovo	thinkpad_l13_gen_2_firmware	≤ 1.11	Yes
Hardware	lenovo	thinkpad_l13_gen_2	-	No
Operating System	lenovo	thinkpad_l13_gen_2_firmware	≤ 1.08	Yes
Hardware	lenovo	thinkpad_l13_gen_2	-	No
Operating System	lenovo	thinkpad_l13_yoga_firmware	≤ 1.31	Yes
Hardware	lenovo	thinkpad_l13_yoga	-	No
Operating System	lenovo	thinkpad_l13_yoga_gen_2_firmware	≤ 1.11	Yes
Hardware	lenovo	thinkpad_l13_yoga_gen_2	-	No
Operating System	lenovo	thinkpad_l13_yoga_gen_2_firmware	≤ 1.08	Yes
Hardware	lenovo	thinkpad_l13_yoga_gen_2	-	No
Operating System	lenovo	thinkpad_l14_gen_1_firmware	< 1.15	Yes
Hardware	lenovo	thinkpad_l14_gen_1	-	No
Operating System	lenovo	thinkpad_l14_firmware	< 1.20.1.17	Yes
Hardware	lenovo	thinkpad_l14	-	No
Operating System	lenovo	thinkpad_l15_gen_1_firmware	< 1.15	Yes
Hardware	lenovo	thinkpad_l15_gen_1	-	No
Operating System	lenovo	thinkpad_l15_firmware	< 1.20.1.17	Yes
Hardware	lenovo	thinkpad_l15	-	No
Operating System	lenovo	thinkpad_l380_firmware	≤ 1.26	Yes
Hardware	lenovo	thinkpad_l380	-	No
Operating System	lenovo	thinkpad_l380_yoga_firmware	≤ 1.26	Yes
Hardware	lenovo	thinkpad_l380_yoga	-	No
Operating System	lenovo	thinkpad_l390_yoga_firmware	≤ 1.35	Yes
Hardware	lenovo	thinkpad_l390_yoga	-	No
Operating System	lenovo	thinkpad_l390_firmware	≤ 1.35	Yes
Hardware	lenovo	thinkpad_l390	-	No
Operating System	lenovo	thinkpad_s5_2nd_gen_firmware	≤ 1.28	Yes
Hardware	lenovo	thinkpad_s5_2nd_gen	-	No
Operating System	lenovo	thinkpad_t460_firmware	≤ 1.43.1.11	Yes
Hardware	lenovo	thinkpad_t460	-	No
Operating System	lenovo	thinkpad_s2_gen_6_firmware	≤ 2021-09-30	Yes
Hardware	lenovo	thinkpad_s2_gen_6	-	No
Operating System	lenovo	thinkpad_s2_yoga_gen_6_firmware	≤ 2021-09-30	Yes
Hardware	lenovo	thinkpad_s2_yoga_gen_6	-	No
Operating System	lenovo	thinkpad_x12_detachable_gen_1_firmware	< 1.16	Yes
Hardware	lenovo	thinkpad_x12_detachable_gen_1	-	No
Operating System	lenovo	thinkpad_x260_firmware	≤ 1.47\/1.15	Yes
Hardware	lenovo	thinkpad_x260	-	No
Operating System	lenovo	thinkpad_x380_yoga_firmware	≤ 1.34	Yes
Hardware	lenovo	thinkpad_x380_yoga	-	No
Operating System	lenovo	thinkpad_x390_yoga_firmware	< n2let87w	Yes
Hardware	lenovo	thinkpad_x390_yoga	-	No
Operating System	lenovo	thinkpad_11e_5th_gen_firmware	≤ 1.13	Yes
Hardware	lenovo	thinkpad_11e_5th_gen	-	No
Operating System	lenovo	thinkpad_11e_5th_gen_firmware	≤ 1.13	Yes
Hardware	lenovo	thinkpad_yoga_370	-	No
Operating System	lenovo	thinkpad_x1_fold_gen_1_firmware	< n2pet50w	Yes
Hardware	lenovo	thinkpad_x1_fold_gen_1	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-72619 Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-72619 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For lenovo's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.