CVE-2021-3599: A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated…

medium6.7CVSS 3.1

AVLACLPRHUINSUCHIHAH

A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected

137 ranges· showing 25

Vendor	Product	Version range	Fixed in
lenovo	ideapad_s940-14iwl_firmware	<= 12.0.81.1753	—
lenovo	ideapad_yoga_s940-14iwl_firmware	<= 12.0.81.1753	—
lenovo	thinkpad_10_firmware	< 2021-10-25	2021-10-25
lenovo	thinkpad_11e_3rd_gen_firmware	< 2021-10-31	2021-10-31
lenovo	thinkpad_11e_4th_gen_firmware	< 2021-10-31	2021-10-31
lenovo	thinkpad_11e_yoga_gen_6_firmware	< 2021-10-31	2021-10-31
lenovo	thinkpad_13_gen_2_firmware	< 2021-10-31	2021-10-31
lenovo	thinkpad_25_firmware	< n1qet92w	n1qet92w
lenovo	thinkpad_bios	—	—
lenovo	thinkpad_e14_firmware	<= 2021-10-15	—
lenovo	thinkpad_e14_gen_2_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e14_gen_3_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e15_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e15_gen_2_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e15_gen_3_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e470_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e480_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e490_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e570_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e580_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e590_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_helix_firmware	< n17etb6w	n17etb6w
lenovo	thinkpad_l13_firmware	< 2021-10-31	2021-10-31
lenovo	thinkpad_l13_gen_2_firmware	< 2021-10-31	2021-10-31
lenovo	thinkpad_l13_yoga_firmware	< 2021-10-31	2021-10-31