Local Code Execution Vulnerability in Lenovo ThinkCentre and ThinkStation Products
CVE-2021-3719

6.7MEDIUM

Key Information:

Vendor: Lenovo
Status: Thinkcentre And Thinkstation BiOS
Vendor: CVE Published:; 12 November 2021

Summary

A potential security flaw exists in the SMI callback function utilized for saving and restoring boot script tables in certain Lenovo ThinkCentre and ThinkStation models. This vulnerability could allow an attacker with local access and elevated privileges to execute arbitrary code, potentially compromising the system’s integrity and confidentiality. It is crucial for users to stay informed and take necessary precautions to mitigate risks associated with this vulnerability.

Affected Version(s)

ThinkCentre and ThinkStation BIOS various

References

https://support.lenovo.com/us/en/product_security/LEN-67440

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2021
Vulnerability Reserved
Aug 18, 2021

Credit

Lenovo thanks Jiawei Yin(@yngweijw), Menghao Li, and Chengxi, Chen of IIE varas for reporting this issue.