Description

A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Related CPE's

o

lenovo

thinkpad_11e_3rd_gen_firmware

2

h

lenovo

thinkpad_11e_3rd_gen

2

o

lenovo

thinkpad_11e_4th_gen_i3_firmware

Vulnerable

h

lenovo

thinkpad_11e_4th_gen_i3

-

o

lenovo

thinkpad_11e_4th_gen_i7_firmware

Vulnerable

h

lenovo

thinkpad_11e_4th_gen_i7

-

o

lenovo

thinkpad_11e_4th_gen_i5_firmware

Vulnerable

h

lenovo

thinkpad_11e_4th_gen_i5

-

o

lenovo

thinkpad_11e_4th_gen_celeron_firmware

Vulnerable

h

lenovo

thinkpad_11e_4th_gen_celeron

-

o

lenovo

thinkpad_11e_yoga_gen_6_firmware

Vulnerable

h

lenovo

thinkpad_11e_yoga_gen_6

-

o

lenovo

thinkpad_13_gen_2_firmware

Vulnerable

h

lenovo

thinkpad_13_gen_2

-

o

lenovo

thinkpad_l13_firmware

Vulnerable

h

lenovo

thinkpad_l13

-

o

lenovo

thinkpad_l13_gen_2_firmware

2

h

lenovo

thinkpad_l13_gen_2

2

o

lenovo

thinkpad_l13_yoga_firmware

Vulnerable

h

lenovo

thinkpad_l13_yoga

-

o

lenovo

thinkpad_l13_yoga_gen_2_firmware

2

h

lenovo

thinkpad_l13_yoga_gen_2

2

o

lenovo

thinkpad_l14_gen_1_firmware

Vulnerable

h

lenovo

thinkpad_l14_gen_1

-

o

lenovo

thinkpad_l14_firmware

Vulnerable

h

lenovo

thinkpad_l14

-

o

lenovo

thinkpad_l15_gen_1_firmware

Vulnerable

h

lenovo

thinkpad_l15_gen_1

-

o

lenovo

thinkpad_l15_firmware

Vulnerable

h

lenovo

thinkpad_l15

-

o

lenovo

thinkpad_l380_firmware

Vulnerable

h

lenovo

thinkpad_l380

-

o

lenovo

thinkpad_l380_yoga_firmware

Vulnerable

h

lenovo

thinkpad_l380_yoga

-

o

lenovo

thinkpad_l390_yoga_firmware

Vulnerable

h

lenovo

thinkpad_l390_yoga

-

o

lenovo

thinkpad_l390_firmware

Vulnerable

h

lenovo

thinkpad_l390

-

o

lenovo

thinkpad_s5_2nd_gen_firmware

Vulnerable

h

lenovo

thinkpad_s5_2nd_gen

-

o

lenovo

thinkpad_t460_firmware

Vulnerable

h

lenovo

thinkpad_t460

-

o

lenovo

thinkpad_s2_gen_6_firmware

Vulnerable

h

lenovo

thinkpad_s2_gen_6

-

o

lenovo

thinkpad_s2_yoga_gen_6_firmware

Vulnerable

h

lenovo

thinkpad_s2_yoga_gen_6

-

o

lenovo

thinkpad_x12_detachable_gen_1_firmware

Vulnerable

h

lenovo

thinkpad_x12_detachable_gen_1

-

o

lenovo

thinkpad_x260_firmware

Vulnerable

h

lenovo

thinkpad_x260

-

o

lenovo

thinkpad_x380_yoga_firmware

Vulnerable

h

lenovo

thinkpad_x380_yoga

-

o

lenovo

thinkpad_x390_yoga_firmware

Vulnerable

h

lenovo

thinkpad_x390_yoga

-

o

lenovo

thinkpad_11e_5th_gen_firmware

2

h

lenovo

thinkpad_11e_5th_gen

-

h

lenovo

thinkpad_yoga_370

-

o

lenovo

thinkpad_x1_fold_gen_1_firmware

Vulnerable

h

lenovo

thinkpad_x1_fold_gen_1

-

References

https://support.lenovo.com/us/en/product_security/LEN-72619

Vendor Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

[email protected]

Secondary
CWE-20

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-11-12T22:15:08.580

3 years ago

Last modified

2021-11-23T02:03:09.027

3 years ago