CVE-2021-3843
published 2021-11-12CVE-2021-3843: A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to…
medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lenovo | thinkpad_11e_3rd_gen_firmware | <= 1.22 | — |
| lenovo | thinkpad_11e_3rd_gen_firmware | <= 1.29 | — |
| lenovo | thinkpad_11e_4th_gen_celeron_firmware | <= 1.27 | — |
| lenovo | thinkpad_11e_4th_gen_i3_firmware | <= 1.22 | — |
| lenovo | thinkpad_11e_4th_gen_i5_firmware | <= 1.22 | — |
| lenovo | thinkpad_11e_4th_gen_i7_firmware | <= 1.22 | — |
| lenovo | thinkpad_11e_5th_gen_firmware | <= 1.13 | — |
| lenovo | thinkpad_11e_yoga_gen_6_firmware | <= 1.12 | — |
| lenovo | thinkpad_13_gen_2_firmware | <= 1.29 | — |
| lenovo | thinkpad_bios | — | — |
| lenovo | thinkpad_l13_firmware | <= 1.31 | — |
| lenovo | thinkpad_l13_gen_2_firmware | <= 1.11 | — |
| lenovo | thinkpad_l13_gen_2_firmware | <= 1.08 | — |
| lenovo | thinkpad_l13_yoga_firmware | <= 1.31 | — |
| lenovo | thinkpad_l13_yoga_gen_2_firmware | <= 1.11 | — |
| lenovo | thinkpad_l13_yoga_gen_2_firmware | <= 1.08 | — |
| lenovo | thinkpad_l14_firmware | < 1.20.1.17 | 1.20.1.17 |
| lenovo | thinkpad_l14_gen_1_firmware | < 1.15 | 1.15 |
| lenovo | thinkpad_l15_firmware | < 1.20.1.17 | 1.20.1.17 |
| lenovo | thinkpad_l15_gen_1_firmware | < 1.15 | 1.15 |
| lenovo | thinkpad_l380_firmware | <= 1.26 | — |
| lenovo | thinkpad_l380_yoga_firmware | <= 1.26 | — |
| lenovo | thinkpad_l390_firmware | <= 1.35 | — |
| lenovo | thinkpad_l390_yoga_firmware | <= 1.35 | — |
| lenovo | thinkpad_s2_gen_6_firmware | <= 2021-09-30 | — |