CVE-2021-3719

Published: Nov 12, 2021Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected (20)

Lenovo

20 products

Thinkcentre E93 Firmware

Thinkcentre M600 Firmware

Thinkcentre M700 Tiny Firmware

Thinkcentre M73 Firmware

Thinkcentre M73p Firmware

Thinkcentre M800 Firmware

Thinkcentre M818z Firmware

Thinkcentre M83 Firmware

Thinkcentre M900 Firmware

Thinkcentre M900x Firmware

Thinkcentre M93 Firmware

Thinkcentre M93p Firmware

Thinkcentre M4500q Firmware

Thinkcentre M6500t/s Firmware

Thinkcentre M8500t/s Firmware

Thinkcentre X1 Firmware

Thinkstation P300 Firmware

Thinkstation P500 Firmware

Thinkstation P700 Firmware

Thinkstation P900 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre E93 Firmware	Before fbktdfa

Running on/with	Platform Versions
Lenovo Thinkcentre E93	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M600 Firmware	Before m00kt65a

Running on/with	Platform Versions
Lenovo Thinkcentre M600	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M700 Tiny Firmware	Before fwktb9a

Running on/with	Platform Versions
Lenovo Thinkcentre M700 Tiny	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M73 Firmware	Before fhkt86a

Running on/with	Platform Versions
Lenovo Thinkcentre M73	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M73p Firmware	Before fbktdfa

Running on/with	Platform Versions
Lenovo Thinkcentre M73p	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M800 Firmware	Before fwktb9a

Running on/with	Platform Versions
Lenovo Thinkcentre M800	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M818z Firmware	Before m1ekt23a

Running on/with	Platform Versions
Lenovo Thinkcentre M818z	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M83 Firmware	Before fbktdfa

Running on/with	Platform Versions
Lenovo Thinkcentre M83	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M900 Firmware	Before fwktb9a

Running on/with	Platform Versions
Lenovo Thinkcentre M900	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M900x Firmware	Before fwktb9a

Running on/with	Platform Versions
Lenovo Thinkcentre M900x	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M93 Firmware	Before fbktdfa

Running on/with	Platform Versions
Lenovo Thinkcentre M93	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M93p Firmware	Before fbktdfa

Running on/with	Platform Versions
Lenovo Thinkcentre M93p	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M4500q Firmware	Before fhkt86a

Running on/with	Platform Versions
Lenovo Thinkcentre M4500q	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M6500t/s Firmware	Before fbktdfa

Running on/with	Platform Versions
Lenovo Thinkcentre M6500t/s	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M8500t/s Firmware	Before fbktdfa

Running on/with	Platform Versions
Lenovo Thinkcentre M8500t/s	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre X1 Firmware	Before m0hkt50a

Running on/with	Platform Versions
Lenovo Thinkcentre X1	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P300 Firmware	Before fbktdfa

Running on/with	Platform Versions
Lenovo Thinkstation P300	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P500 Firmware	Before a4ktaba

Running on/with	Platform Versions
Lenovo Thinkstation P500	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P700 Firmware	Before a5ktaba

Running on/with	Platform Versions
Lenovo Thinkstation P700	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P900 Firmware	Before a6ktaba

Running on/with	Platform Versions
Lenovo Thinkstation P900	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://support.lenovo.com/us/en/product_security/LEN-67440

Source: psirt@lenovo.com

Vendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-67440

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.