CVE-2021-3786
Description
A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.
Related CPE's
CvssV3 impact
Version | 3.1 |
VectorString | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
AttackVector | LOCAL |
AttackComplexity | LOW |
PrivilegesRequired | LOW |
UserInteraction | NONE |
Scope | UNCHANGED |
ConfidentialityImpact | HIGH |
IntegrityImpact | NONE |
AvailabilityImpact | NONE |
BaseScore | 5.5 |
BaseSeverity | MEDIUM |
CvssV2 impact
Version | 2.0 |
VectorString | AV:L/AC:L/Au:N/C:P/I:N/A:N |
AccessVector | LOCAL |
AccessComplexity | LOW |
Authentication | NONE |
ConfidentialityImpact | PARTIAL |
IntegrityImpact | NONE |
AvailabilityImpact | NONE |
BaseScore | 2.0999999046325684 |