CVE-2021-3786 | Severity.io

Description

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.

Related CPE's

thinkpad_x380_yoga_firmware

Vulnerable

thinkpad_x380_yoga

thinkpad_x1_fold_gen_1_firmware

Vulnerable

thinkpad_x1_fold_gen_1

thinkpad_yoga_260_firmware

Vulnerable

thinkpad_yoga_260

thinkpad_yoga_11e_3rd_gen_firmware

Vulnerable

thinkpad_yoga_11e_3rd_gen

thinkpad_yoga_15_firmware

Vulnerable

thinkpad_yoga_15

thinkpad_yoga_370_firmware

Vulnerable

thinkpad_yoga_370

thinkpad_x12_detachable_gen_1_firmware

Vulnerable

thinkpad_x12_detachable_gen_1

thinkpad_x390_firmware

Vulnerable

thinkpad_yoga_11e_4th_gen_firmware

Vulnerable

thinkpad_yoga_11e_4th_gen

thinkpad_yoga_11e_5th_gen_firmware

Vulnerable

thinkpad_yoga_11e_5th_gen

thinkpad_x250_firmware

Vulnerable

thinkpad_x260_firmware

Vulnerable

thinkpad_x390_yoga_firmware

Vulnerable

thinkpad_x390_yoga

thinkpad_x280_firmware

Vulnerable

thinkpad_x1_titanium_firmware

Vulnerable

thinkpad_x1_titanium

thinkpad_x270_firmware

Vulnerable

thinkpad_x1_carbon_5th_gen_kabylake_firmware

Vulnerable

thinkpad_x1_carbon_5th_gen_kabylake

thinkpad_x13_gen_1_firmware

Vulnerable

thinkpad_x13_gen_1

thinkpad_x13_gen_2_firmware

Vulnerable

thinkpad_x13_gen_2

thinkpad_x13_yoga_gen_1_firmware

Vulnerable

thinkpad_x13_yoga_gen_1

thinkpad_x13_yoga_gen_2_firmware

Vulnerable

thinkpad_x13_yoga_gen_2

thinkpad_x1_carbon_5th_gen_skylake_firmware

Vulnerable

thinkpad_x1_carbon_5th_gen_skylake

thinkpad_x1_yoga_1st_gen_firmware

Vulnerable

thinkpad_x1_yoga_1st_gen

thinkpad_x1_yoga_3rd_gen_firmware

Vulnerable

thinkpad_x1_yoga_3rd_gen

o

lenovo

thinkpad_x1_yoga_4th_gen_firmware

2

h

lenovo

thinkpad_x1_yoga_4th_gen

2

thinkpad_x1_yoga_gen_5_firmware

Vulnerable

thinkpad_x1_yoga_gen_5

thinkpad_x1_carbon_4th_gen_firmware

Vulnerable

thinkpad_x1_carbon_4th_gen

thinkpad_10_firmware

Vulnerable

thinkpad_x1_nano_gen_1_firmware

Vulnerable

thinkpad_x1_nano_gen_1

thinkpad_x1_extreme_firmware

Vulnerable

thinkpad_x1_extreme

thinkpad_x1_extreme_2nd_firmware

Vulnerable

thinkpad_x1_extreme_2nd

thinkpad_x1_extreme_gen_3_firmware

Vulnerable

thinkpad_x1_extreme_gen_3

thinkpad_t460s_firmware

Vulnerable

thinkpad_s2_gen_6_firmware

Vulnerable

thinkpad_s2_gen_6

thinkpad_x1_carbon_gen_6_firmware

Vulnerable

thinkpad_x1_carbon_gen_6

o

lenovo

thinkpad_x1_carbon_gen_7_firmware

2

h

lenovo

thinkpad_x1_carbon_gen_7

2

o

lenovo

thinkpad_x1_carbon_gen_8_firmware

2

h

lenovo

thinkpad_x1_carbon_gen_8

2

thinkpad_t560_firmware

Vulnerable

thinkpad_t460p_firmware

Vulnerable

thinkpad_w550s_firmware

Vulnerable

thinkpad_t590_firmware

Vulnerable

thinkpad_t570_firmware

Vulnerable

thinkpad_s2_yoga_gen_6_firmware

Vulnerable

thinkpad_s2_yoga_gen_6

thinkpad_t480_firmware

Vulnerable

thinkpad_x1_tablet_firmware

Vulnerable

thinkpad_x1_tablet

thinkpad_t550_firmware

Vulnerable

thinkpad_x1_carbon_3rd_gen_firmware

Vulnerable

thinkpad_x1_carbon_3rd_gen

thinkpad_x1_tablet_gen_2_firmware

Vulnerable

thinkpad_x1_tablet_gen_2

thinkpad_x1_tablet_gen_3_firmware

Vulnerable

thinkpad_x1_tablet_gen_3

thinkpad_t580_firmware

Vulnerable

thinkpad_t480s_firmware

Vulnerable

thinkpad_t15_firmware

Vulnerable

thinkpad_t460_firmware

Vulnerable

thinkpad_t470_firmware

Vulnerable

thinkpad_t490_firmware

Vulnerable

thinkpad_t490s_firmware

Vulnerable

thinkpad_t14s_gen_2_firmware

Vulnerable

thinkpad_t14s_gen_2

thinkpad_t14s_firmware

Vulnerable

thinkpad_t470p_firmware

Vulnerable

thinkpad_t470s_firmware

Vulnerable

thinkpad_p71_firmware

Vulnerable

thinkpad_t440p_firmware

Vulnerable

thinkpad_t15_gen_2_firmware

Vulnerable

thinkpad_t15_gen_2

thinkpad_t15p_gen_1_firmware

Vulnerable

thinkpad_t15p_gen_1

thinkpad_p70_firmware

Vulnerable

thinkpad_t15g_gen_1_firmware

Vulnerable

thinkpad_t15g_gen_1

thinkpad_t14_gen_1_firmware

Vulnerable

thinkpad_t14_gen_1

thinkpad_t14_gen_2_firmware

Vulnerable

thinkpad_t14_gen_2

thinkpad_p73_firmware

Vulnerable

thinkpad_s540_firmware

Vulnerable

thinkpad_p72_firmware

Vulnerable

thinkpad_l380_firmware

Vulnerable

thinkpad_s5_2nd_gen_firmware

Vulnerable

thinkpad_s5_2nd_gen

thinkpad_p15v_gen_1_firmware

Vulnerable

thinkpad_p15v_gen_1

thinkpad_p53_firmware

Vulnerable

thinkpad_p53s_firmware

Vulnerable

thinkpad_p43s_firmware

Vulnerable

thinkpad_p51_firmware

Vulnerable

thinkpad_p51s_firmware

Vulnerable

thinkpad_p50_firmware

Vulnerable

thinkpad_p52_firmware

Vulnerable

thinkpad_p52s_firmware

Vulnerable

thinkpad_p50s_firmware

Vulnerable

thinkpad_l570_firmware

Vulnerable

thinkpad_p17_gen_1_firmware

Vulnerable

thinkpad_p17_gen_1

thinkpad_l580_firmware

Vulnerable

thinkpad_p14s_gen_1_firmware

Vulnerable

thinkpad_p14s_gen_1

thinkpad_p14s_gen_2_firmware

Vulnerable

thinkpad_p14s_gen_2

thinkpad_p15_gen_1_firmware

Vulnerable

thinkpad_p15_gen_1

thinkpad_p15s_gen_1_firmware

Vulnerable

thinkpad_p15s_gen_1

thinkpad_p15s_gen_2_firmware

Vulnerable

thinkpad_p15s_gen_2

thinkpad_l590_firmware

Vulnerable

thinkpad_l380_yoga_firmware

Vulnerable

thinkpad_l380_yoga

thinkpad_l490_firmware

Vulnerable

thinkpad_l560_firmware

Vulnerable

thinkpad_p1_firmware

Vulnerable

thinkpad_p1_gen_2_firmware

Vulnerable

thinkpad_p1_gen_2

thinkpad_p1_gen_3_firmware

Vulnerable

thinkpad_p1_gen_3

thinkpad_l480_firmware

Vulnerable

thinkpad_l470_firmware

Vulnerable

thinkpad_l460_firmware

Vulnerable

thinkpad_e490_firmware

Vulnerable

thinkpad_helix_firmware

Vulnerable

thinkpad_l390_firmware

Vulnerable

thinkpad_l390_yoga_firmware

Vulnerable

thinkpad_l390_yoga

thinkpad_e15_gen_3_firmware

Vulnerable

thinkpad_e15_gen_3

thinkpad_l14_firmware

Vulnerable

thinkpad_l13_gen_2_firmware

Vulnerable

thinkpad_l13_gen_2

thinkpad_l15_firmware

Vulnerable

thinkpad_l15_gen_2_firmware

Vulnerable

thinkpad_l15_gen_2

thinkpad_l13_firmware

Vulnerable

thinkpad_e14_gen_3_firmware

Vulnerable

thinkpad_e14_gen_3

thinkpad_e590_firmware

Vulnerable

thinkpad_e580_firmware

Vulnerable

thinkpad_l13_yoga_gen_2_firmware

Vulnerable

thinkpad_l13_yoga_gen_2

thinkpad_e570_firmware

Vulnerable

thinkpad_l13_yoga_firmware

Vulnerable

thinkpad_l13_yoga

thinkpad_11e_3rd_gen_firmware

Vulnerable

thinkpad_11e_3rd_gen

thinkpad_e480_firmware

Vulnerable

thinkpad_e14_firmware

Vulnerable

thinkpad_e470_firmware

Vulnerable

thinkpad_e15_firmware

Vulnerable

thinkpad_e15_gen_2_firmware

Vulnerable

thinkpad_e15_gen_2

thinkpad_25_firmware

Vulnerable

thinkpad_e14_gen_2_firmware

Vulnerable

thinkpad_e14_gen_2

thinkpad_13_gen_2_firmware

Vulnerable

thinkpad_13_gen_2

thinkpad_11e_4th_gen_firmware

Vulnerable

thinkpad_11e_4th_gen

thinkpad_11e_yoga_gen_6_firmware

Vulnerable

thinkpad_11e_yoga_gen_6

ideapad_s940-14iwl_firmware

Vulnerable

ideapad_s940-14iwl

ideapad_yoga_s940-14iwl_firmware

Vulnerable

ideapad_yoga_s940-14iwl

v330-15isk_firmware

Vulnerable

v330-15ikb_firmware

Vulnerable

v130-15igm_firmware

Vulnerable

References

https://support.lenovo.com/us/en/product_security/LEN-67440

PatchVendor Advisory

Weaknesses

[email protected]

Primary

NVD-CWE-noinfo

[email protected]

Secondary

CWE-20

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 · Medium

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-11-12T22:15:08.110

3 years ago

Last modified

2021-11-26T17:23:52.890

3 years ago