Local Code Execution Flaw in Lenovo ThinkPad Models
CVE-2021-3452

6.7MEDIUM

Key Information:

Vendor: Lenovo
Status: Thinkpad BiOS
Vendor: CVE Published:; 16 July 2021

Summary

A potential vulnerability exists in the system shutdown SMI callback function within certain Lenovo ThinkPad models. This flaw may allow an attacker with local access and elevated privileges to execute arbitrary code, potentially compromising system integrity. Users are urged to review their security posture and apply necessary updates to mitigate risks associated with this vulnerability.

Affected Version(s)

ThinkPad BIOS various

References

https://support.lenovo.com/us/en/product_security/LEN-65529

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 16, 2021
Vulnerability Reserved
Mar 19, 2021

Credit

Lenovo thanks Binarly efiXplorer team for reporting these issues.