CVE-2021-3599
MEDIUMLenovo ThinkPad Firmware - Authenticated Arbitrary Code Execution via SMI Callback Function
Title source: llmDescription
A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://support.lenovo.com/us/en/product_security/LEN-67440
Scores
CVSS v3
6.7
EPSS
0.0004
EPSS Percentile
11.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (50)
lenovo/ideapad_s940-14iwl_firmware
< 12.0.81.1753
lenovo/ideapad_yoga_s940-14iwl_firmware
< 12.0.81.1753
lenovo/thinkpad_10_firmware
< 2021-10-25
lenovo/thinkpad_11e_3rd_gen_firmware
< 2021-10-31
lenovo/thinkpad_11e_4th_gen_firmware
< 2021-10-31
lenovo/thinkpad_11e_yoga_gen_6_firmware
< 2021-10-31
lenovo/thinkpad_13_gen_2_firmware
< 2021-10-31
lenovo/thinkpad_25_firmware
< n1qet92w
lenovo/thinkpad_e14_firmware
< 2021-10-15
lenovo/thinkpad_e14_gen_2_firmware
< 2021-10-15
... and 40 more
Published
Nov 12, 2021
Tracked Since
Feb 18, 2026