CVE-2021-3786: A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data…

medium5.5CVSS 3.1

AVLACLPRLUINSUCHINAN

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.

Affected

137 ranges· showing 25

Vendor	Product	Version range	Fixed in
lenovo	ideapad_s940-14iwl_firmware	<= 12.0.81.1753	—
lenovo	ideapad_yoga_s940-14iwl_firmware	<= 12.0.81.1753	—
lenovo	notebook_and_thinkpad_bios	—	—
lenovo	thinkpad_10_firmware	< 2021-10-25	2021-10-25
lenovo	thinkpad_11e_3rd_gen_firmware	< 2021-10-31	2021-10-31
lenovo	thinkpad_11e_4th_gen_firmware	< 2021-10-31	2021-10-31
lenovo	thinkpad_11e_yoga_gen_6_firmware	< 2021-10-31	2021-10-31
lenovo	thinkpad_13_gen_2_firmware	< 2021-10-31	2021-10-31
lenovo	thinkpad_25_firmware	< n1qet92w	n1qet92w
lenovo	thinkpad_e14_firmware	<= 2021-10-15	—
lenovo	thinkpad_e14_gen_2_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e14_gen_3_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e15_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e15_gen_2_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e15_gen_3_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e470_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e480_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e490_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e570_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e580_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_e590_firmware	< 2021-10-15	2021-10-15
lenovo	thinkpad_helix_firmware	< n17etb6w	n17etb6w
lenovo	thinkpad_l13_firmware	< 2021-10-31	2021-10-31
lenovo	thinkpad_l13_gen_2_firmware	< 2021-10-31	2021-10-31
lenovo	thinkpad_l13_yoga_firmware	< 2021-10-31	2021-10-31