Race Condition Vulnerability in Lenovo System Interface Foundation
CVE-2021-3922

7.8HIGH

Key Information:

Vendor: Lenovo
Status: Imcontroller
Vendor: CVE Published:; 18 May 2022

Summary

A race condition vulnerability exists in the IMController component of Lenovo's System Interface Foundation, which is present in versions prior to 1.1.20.3. This vulnerability could enable a local attacker to exploit the system by connecting to and manipulating the named pipe of the IMController child process, potentially compromising system integrity and user data.

Affected Version(s)

IMController < 1.1.20.3

References

https://support.lenovo.com/us/en/product_security/LEN-75210

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 18, 2022
Vulnerability Reserved
Nov 2, 2021

Credit

Lenovo thanks Rick Veldhoven from Fox-IT, part of NCC Group for reporting this issue.