CVE-2021-3462 | Severity.io

Description

A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.

Related CPE's

power_management_driver

Vulnerable

thinkpad_11e_gen_5

thinkpad_11e_yoga_gen_6

thinkpad_13_gen_2

thinkpad_e14_gen2

thinkpad_e15_gen2

thinkpad_l13_gen_1

thinkpad_l13_gen_2

thinkpad_l13_yoga

thinkpad_l13_yoga_gen_1

thinkpad_l13_yoga_gen_2

thinkpad_l14_gen_1

thinkpad_l14_gen_2

thinkpad_l15_gen_1

thinkpad_l15_gen_2

thinkpad_l380_yoga

thinkpad_l390_yoga

thinkpad_p1_gen_2

thinkpad_p1_gen_3

thinkpad_p14s_gen_1

thinkpad_p14s_gen_2

thinkpad_p15_gen_1

thinkpad_p15s_gen_1

thinkpad_p15s_gen_2

thinkpad_p15v_gen_1

thinkpad_p17_gen_1

thinkpad_r14_gen_2

thinkpad_s1_gen_4

thinkpad_s2_gen_2

thinkpad_s2_gen_5

thinkpad_s2_gen_6

thinkpad_s2_yoga_gen_5

thinkpad_s2_yoga_gen_6

thinkpad_s3_gen_2

thinkpad_s5_gen_2

thinkpad_t14_gen_1

thinkpad_t14_gen_2

thinkpad_t14s_gen_1

thinkpad_t14s_gen_2i

thinkpad_t15_gen_1

thinkpad_t15_gen_2

thinkpad_t15g_gen_1

thinkpad_t15p_gen_1

thinkpad_x1_carbon_gen_5

thinkpad_x1_carbon_gen_6

thinkpad_x1_carbon_gen_7

thinkpad_x1_carbon_gen_8

thinkpad_x1_carbon_gen_9

thinkpad_x1_extreme

thinkpad_x1_extreme_2nd

thinkpad_x1_extreme_gen_3

thinkpad_x1_nano_gen_1

thinkpad_x1_tablet_gen_2

thinkpad_x1_tablet_gen_3

thinkpad_x1_titanium_gen_1

thinkpad_x1_yoga_gen_2

thinkpad_x1_yoga_gen_3

thinkpad_x1_yoga_gen_4

thinkpad_x1_yoga_gen_5

thinkpad_x1_yoga_gen_6

thinkpad_x13_gen_1

thinkpad_x13_gen_2i

thinkpad_x13_yoga_gen_1

thinkpad_x13_yoga_gen_2

thinkpad_x380_yoga

thinkpad_x390_yoga

thinkpad_yoga_11e_gen_5

thinkpad_yoga_370

References

https://support.lenovo.com/us/en/product_security/LEN-59174

Vendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-59174

Vendor Advisory

Weaknesses

[email protected]

Secondary

CWE-276

[email protected]

Primary

NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.5 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-04-13T19:15:25.193Z

4 years ago

Last modified

2024-11-21T05:21:36.003Z

1 year ago