Denial of Service Vulnerability in Lenovo ThinkPad Models
CVE-2021-3718

4.3MEDIUM

Key Information:

Vendor: Lenovo
Status: Thinkpad BiOS
Vendor: CVE Published:; 12 November 2021

Summary

A vulnerability exists in various Lenovo ThinkPad models that can lead to a denial of service, causing the system to become unresponsive. This issue is triggered when the Enhanced Biometrics feature is enabled in the BIOS settings. Users of affected ThinkPad models should take caution and review their BIOS configuration to mitigate potential disruptions in system performance.

Affected Version(s)

ThinkPad BIOS various

References

https://support.lenovo.com/us/en/product_security/LEN-72619

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2021
Vulnerability Reserved
Aug 18, 2021

Credit

Lenovo thanks Zoltan Harmarth for reporting this issue