CVE-2021-3843
Severity Score
6.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Una posible vulnerabilidad en la función SMI para acceder a la EEPROM en algunos modelos de ThinkPad puede permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario
*Credits:
Lenovo thanks Jiawei Yin(@yngweijw) and Menghao Li of IIE varas.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-09-30 CVE Reserved
- 2021-11-12 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-72619 | 2021-11-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lenovo Search vendor "Lenovo" | Thinkpad 11e 3rd Gen Firmware Search vendor "Lenovo" for product "Thinkpad 11e 3rd Gen Firmware" | <= 1.22 Search vendor "Lenovo" for product "Thinkpad 11e 3rd Gen Firmware" and version " <= 1.22" | braswell |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad 11e 3rd Gen Search vendor "Lenovo" for product "Thinkpad 11e 3rd Gen" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad 11e 3rd Gen Firmware Search vendor "Lenovo" for product "Thinkpad 11e 3rd Gen Firmware" | <= 1.29 Search vendor "Lenovo" for product "Thinkpad 11e 3rd Gen Firmware" and version " <= 1.29" | skylate |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad 11e 3rd Gen Search vendor "Lenovo" for product "Thinkpad 11e 3rd Gen" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad 11e 4th Gen I3 Firmware Search vendor "Lenovo" for product "Thinkpad 11e 4th Gen I3 Firmware" | <= 1.22 Search vendor "Lenovo" for product "Thinkpad 11e 4th Gen I3 Firmware" and version " <= 1.22" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad 11e 4th Gen I3 Search vendor "Lenovo" for product "Thinkpad 11e 4th Gen I3" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad 11e 4th Gen I7 Firmware Search vendor "Lenovo" for product "Thinkpad 11e 4th Gen I7 Firmware" | <= 1.22 Search vendor "Lenovo" for product "Thinkpad 11e 4th Gen I7 Firmware" and version " <= 1.22" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad 11e 4th Gen I7 Search vendor "Lenovo" for product "Thinkpad 11e 4th Gen I7" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad 11e 4th Gen I5 Firmware Search vendor "Lenovo" for product "Thinkpad 11e 4th Gen I5 Firmware" | <= 1.22 Search vendor "Lenovo" for product "Thinkpad 11e 4th Gen I5 Firmware" and version " <= 1.22" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad 11e 4th Gen I5 Search vendor "Lenovo" for product "Thinkpad 11e 4th Gen I5" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad 11e 4th Gen Celeron Firmware Search vendor "Lenovo" for product "Thinkpad 11e 4th Gen Celeron Firmware" | <= 1.27 Search vendor "Lenovo" for product "Thinkpad 11e 4th Gen Celeron Firmware" and version " <= 1.27" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad 11e 4th Gen Celeron Search vendor "Lenovo" for product "Thinkpad 11e 4th Gen Celeron" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad 11e Yoga Gen 6 Firmware Search vendor "Lenovo" for product "Thinkpad 11e Yoga Gen 6 Firmware" | <= 1.12 Search vendor "Lenovo" for product "Thinkpad 11e Yoga Gen 6 Firmware" and version " <= 1.12" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad 11e Yoga Gen 6 Search vendor "Lenovo" for product "Thinkpad 11e Yoga Gen 6" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad 13 Gen 2 Firmware Search vendor "Lenovo" for product "Thinkpad 13 Gen 2 Firmware" | <= 1.29 Search vendor "Lenovo" for product "Thinkpad 13 Gen 2 Firmware" and version " <= 1.29" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad 13 Gen 2 Search vendor "Lenovo" for product "Thinkpad 13 Gen 2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L13 Firmware Search vendor "Lenovo" for product "Thinkpad L13 Firmware" | <= 1.31 Search vendor "Lenovo" for product "Thinkpad L13 Firmware" and version " <= 1.31" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L13 Search vendor "Lenovo" for product "Thinkpad L13" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L13 Gen 2 Firmware Search vendor "Lenovo" for product "Thinkpad L13 Gen 2 Firmware" | <= 1.11 Search vendor "Lenovo" for product "Thinkpad L13 Gen 2 Firmware" and version " <= 1.11" | non-vpro |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L13 Gen 2 Search vendor "Lenovo" for product "Thinkpad L13 Gen 2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L13 Gen 2 Firmware Search vendor "Lenovo" for product "Thinkpad L13 Gen 2 Firmware" | <= 1.08 Search vendor "Lenovo" for product "Thinkpad L13 Gen 2 Firmware" and version " <= 1.08" | vpro |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L13 Gen 2 Search vendor "Lenovo" for product "Thinkpad L13 Gen 2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L13 Yoga Firmware Search vendor "Lenovo" for product "Thinkpad L13 Yoga Firmware" | <= 1.31 Search vendor "Lenovo" for product "Thinkpad L13 Yoga Firmware" and version " <= 1.31" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L13 Yoga Search vendor "Lenovo" for product "Thinkpad L13 Yoga" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L13 Yoga Gen 2 Firmware Search vendor "Lenovo" for product "Thinkpad L13 Yoga Gen 2 Firmware" | <= 1.11 Search vendor "Lenovo" for product "Thinkpad L13 Yoga Gen 2 Firmware" and version " <= 1.11" | non-vpro |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L13 Yoga Gen 2 Search vendor "Lenovo" for product "Thinkpad L13 Yoga Gen 2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L13 Yoga Gen 2 Firmware Search vendor "Lenovo" for product "Thinkpad L13 Yoga Gen 2 Firmware" | <= 1.08 Search vendor "Lenovo" for product "Thinkpad L13 Yoga Gen 2 Firmware" and version " <= 1.08" | vpro |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L13 Yoga Gen 2 Search vendor "Lenovo" for product "Thinkpad L13 Yoga Gen 2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L14 Gen 1 Firmware Search vendor "Lenovo" for product "Thinkpad L14 Gen 1 Firmware" | < 1.15 Search vendor "Lenovo" for product "Thinkpad L14 Gen 1 Firmware" and version " < 1.15" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L14 Gen 1 Search vendor "Lenovo" for product "Thinkpad L14 Gen 1" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L14 Firmware Search vendor "Lenovo" for product "Thinkpad L14 Firmware" | < 1.20.1.17 Search vendor "Lenovo" for product "Thinkpad L14 Firmware" and version " < 1.20.1.17" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L14 Search vendor "Lenovo" for product "Thinkpad L14" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L15 Gen 1 Firmware Search vendor "Lenovo" for product "Thinkpad L15 Gen 1 Firmware" | < 1.15 Search vendor "Lenovo" for product "Thinkpad L15 Gen 1 Firmware" and version " < 1.15" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L15 Gen 1 Search vendor "Lenovo" for product "Thinkpad L15 Gen 1" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L15 Firmware Search vendor "Lenovo" for product "Thinkpad L15 Firmware" | < 1.20.1.17 Search vendor "Lenovo" for product "Thinkpad L15 Firmware" and version " < 1.20.1.17" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L15 Search vendor "Lenovo" for product "Thinkpad L15" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L380 Firmware Search vendor "Lenovo" for product "Thinkpad L380 Firmware" | <= 1.26 Search vendor "Lenovo" for product "Thinkpad L380 Firmware" and version " <= 1.26" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L380 Search vendor "Lenovo" for product "Thinkpad L380" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L380 Yoga Firmware Search vendor "Lenovo" for product "Thinkpad L380 Yoga Firmware" | <= 1.26 Search vendor "Lenovo" for product "Thinkpad L380 Yoga Firmware" and version " <= 1.26" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L380 Yoga Search vendor "Lenovo" for product "Thinkpad L380 Yoga" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L390 Yoga Firmware Search vendor "Lenovo" for product "Thinkpad L390 Yoga Firmware" | <= 1.35 Search vendor "Lenovo" for product "Thinkpad L390 Yoga Firmware" and version " <= 1.35" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L390 Yoga Search vendor "Lenovo" for product "Thinkpad L390 Yoga" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L390 Firmware Search vendor "Lenovo" for product "Thinkpad L390 Firmware" | <= 1.35 Search vendor "Lenovo" for product "Thinkpad L390 Firmware" and version " <= 1.35" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L390 Search vendor "Lenovo" for product "Thinkpad L390" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad S5 2nd Gen Firmware Search vendor "Lenovo" for product "Thinkpad S5 2nd Gen Firmware" | <= 1.28 Search vendor "Lenovo" for product "Thinkpad S5 2nd Gen Firmware" and version " <= 1.28" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad S5 2nd Gen Search vendor "Lenovo" for product "Thinkpad S5 2nd Gen" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad T460 Firmware Search vendor "Lenovo" for product "Thinkpad T460 Firmware" | <= 1.43.1.11 Search vendor "Lenovo" for product "Thinkpad T460 Firmware" and version " <= 1.43.1.11" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad T460 Search vendor "Lenovo" for product "Thinkpad T460" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad S2 Gen 6 Firmware Search vendor "Lenovo" for product "Thinkpad S2 Gen 6 Firmware" | <= 2021-09-30 Search vendor "Lenovo" for product "Thinkpad S2 Gen 6 Firmware" and version " <= 2021-09-30" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad S2 Gen 6 Search vendor "Lenovo" for product "Thinkpad S2 Gen 6" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad S2 Yoga Gen 6 Firmware Search vendor "Lenovo" for product "Thinkpad S2 Yoga Gen 6 Firmware" | <= 2021-09-30 Search vendor "Lenovo" for product "Thinkpad S2 Yoga Gen 6 Firmware" and version " <= 2021-09-30" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad S2 Yoga Gen 6 Search vendor "Lenovo" for product "Thinkpad S2 Yoga Gen 6" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad X12 Detachable Gen 1 Firmware Search vendor "Lenovo" for product "Thinkpad X12 Detachable Gen 1 Firmware" | < 1.16 Search vendor "Lenovo" for product "Thinkpad X12 Detachable Gen 1 Firmware" and version " < 1.16" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad X12 Detachable Gen 1 Search vendor "Lenovo" for product "Thinkpad X12 Detachable Gen 1" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad X260 Firmware Search vendor "Lenovo" for product "Thinkpad X260 Firmware" | <= 1.47\/1.15 Search vendor "Lenovo" for product "Thinkpad X260 Firmware" and version " <= 1.47\/1.15" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad X260 Search vendor "Lenovo" for product "Thinkpad X260" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad X380 Yoga Firmware Search vendor "Lenovo" for product "Thinkpad X380 Yoga Firmware" | <= 1.34 Search vendor "Lenovo" for product "Thinkpad X380 Yoga Firmware" and version " <= 1.34" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad X380 Yoga Search vendor "Lenovo" for product "Thinkpad X380 Yoga" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad X390 Yoga Firmware Search vendor "Lenovo" for product "Thinkpad X390 Yoga Firmware" | < n2let87w Search vendor "Lenovo" for product "Thinkpad X390 Yoga Firmware" and version " < n2let87w" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad X390 Yoga Search vendor "Lenovo" for product "Thinkpad X390 Yoga" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad 11e 5th Gen Firmware Search vendor "Lenovo" for product "Thinkpad 11e 5th Gen Firmware" | <= 1.13 Search vendor "Lenovo" for product "Thinkpad 11e 5th Gen Firmware" and version " <= 1.13" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad 11e 5th Gen Search vendor "Lenovo" for product "Thinkpad 11e 5th Gen" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad 11e 5th Gen Firmware Search vendor "Lenovo" for product "Thinkpad 11e 5th Gen Firmware" | <= 1.13 Search vendor "Lenovo" for product "Thinkpad 11e 5th Gen Firmware" and version " <= 1.13" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad Yoga 370 Search vendor "Lenovo" for product "Thinkpad Yoga 370" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad X1 Fold Gen 1 Firmware Search vendor "Lenovo" for product "Thinkpad X1 Fold Gen 1 Firmware" | < n2pet50w Search vendor "Lenovo" for product "Thinkpad X1 Fold Gen 1 Firmware" and version " < n2pet50w" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad X1 Fold Gen 1 Search vendor "Lenovo" for product "Thinkpad X1 Fold Gen 1" | - | - |
Safe
|