CVE-2021-3843

A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
lenovothinkpad_11e_3rd_gen_firmware
𝑥
≤ 1.22
lenovothinkpad_11e_3rd_gen_firmware
𝑥
≤ 1.29
lenovothinkpad_11e_4th_gen_i3_firmware
𝑥
≤ 1.22
lenovothinkpad_11e_4th_gen_i7_firmware
𝑥
≤ 1.22
lenovothinkpad_11e_4th_gen_i5_firmware
𝑥
≤ 1.22
lenovothinkpad_11e_4th_gen_celeron_firmware
𝑥
≤ 1.27
lenovothinkpad_11e_yoga_gen_6_firmware
𝑥
≤ 1.12
lenovothinkpad_13_gen_2_firmware
𝑥
≤ 1.29
lenovothinkpad_l13_firmware
𝑥
≤ 1.31
lenovothinkpad_l13_gen_2_firmware
𝑥
≤ 1.11
lenovothinkpad_l13_gen_2_firmware
𝑥
≤ 1.08
lenovothinkpad_l13_yoga_firmware
𝑥
≤ 1.31
lenovothinkpad_l13_yoga_gen_2_firmware
𝑥
≤ 1.11
lenovothinkpad_l13_yoga_gen_2_firmware
𝑥
≤ 1.08
lenovothinkpad_l14_gen_1_firmware
𝑥
< 1.15
lenovothinkpad_l14_firmware
𝑥
< 1.20.1.17
lenovothinkpad_l15_gen_1_firmware
𝑥
< 1.15
lenovothinkpad_l15_firmware
𝑥
< 1.20.1.17
lenovothinkpad_l380_firmware
𝑥
≤ 1.26
lenovothinkpad_l380_yoga_firmware
𝑥
≤ 1.26
lenovothinkpad_l390_yoga_firmware
𝑥
≤ 1.35
lenovothinkpad_l390_firmware
𝑥
≤ 1.35
lenovothinkpad_s5_2nd_gen_firmware
𝑥
≤ 1.28
lenovothinkpad_t460_firmware
𝑥
≤ 1.43.1.11
lenovothinkpad_s2_gen_6_firmware
𝑥
≤ 2021-09-30
lenovothinkpad_s2_yoga_gen_6_firmware
𝑥
≤ 2021-09-30
lenovothinkpad_x12_detachable_gen_1_firmware
𝑥
< 1.16
lenovothinkpad_x260_firmware
𝑥
≤ 1.47\/1.15
lenovothinkpad_x380_yoga_firmware
𝑥
≤ 1.34
lenovothinkpad_11e_5th_gen_firmware
𝑥
≤ 1.13
lenovothinkpad_11e_5th_gen_firmware
𝑥
≤ 1.13
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.lenovo.com/us/en/product_security/LEN-72619
https://support.lenovo.com/us/en/product_security/LEN-72619