CVE-2021-3969Time-of-check Time-of-use (TOCTOU) Race Condition in Lenovo Imcontroller

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition3 documents3 sources
Severity
7.0HIGHNVD
CNA7.8
EPSS
0.4%
top 38.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Lenovo ImcontrollerLenovo System Interface Foundation
Timeline
PublishedMay 18
Latest updateMay 19

Description

A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

CVEListV5lenovo/imcontrollerunspecified1.1.20.3

Patches

Patch: support.lenovo.comPatch: support.lenovo.com

🔴Vulnerability Details

2
GHSA
GHSA-v6hw-6vc6-j7hx: A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to2022-05-19
CVEList
CVE-2021-3969: A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to2022-05-18
CVE-2021-3969 — Lenovo Imcontroller vulnerability | cvebase