CVE-2021-3719 — Improper Input Validation in Lenovo Thinkcentre E93 Firmware

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 88.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Thinkcentre E93 Firmware Lenovo Thinkcentre M4500q Firmware Lenovo Thinkcentre M600 Firmware +18 more

Timeline

PublishedNov 12

Latest updateMay 24

Description

A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages21 packages

▶CVEListV5lenovo/thinkcentre_and_thinkstation_biosvarious

▶NVDlenovo/thinkcentre_x1_firmware< m0hkt50a

▶NVDlenovo/thinkcentre_e93_firmware< fbktdfa

▶NVDlenovo/thinkcentre_m73_firmware< fhkt86a

▶NVDlenovo/thinkcentre_m83_firmware< fbktdfa

🔴Vulnerability Details

GHSA

GHSA-rrvf-m2c7-c86r: A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentr↗2022-05-24

▶

CVEList

CVE-2021-3719: A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentr↗2021-11-12

▶