Description
A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.lenovo.com/us/en/product_security/LEN-67440
Scores
CVSS v3
6.7
EPSS
0.0004
EPSS Percentile
11.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (20)
lenovo/thinkcentre_e93_firmware
< fbktdfa
lenovo/thinkcentre_m4500q_firmware
< fhkt86a
lenovo/thinkcentre_m600_firmware
< m00kt65a
lenovo/thinkcentre_m6500t\/s_firmware
< fbktdfa
lenovo/thinkcentre_m700_tiny_firmware
< fwktb9a
lenovo/thinkcentre_m73_firmware
< fhkt86a
lenovo/thinkcentre_m73p_firmware
< fbktdfa
lenovo/thinkcentre_m800_firmware
< fwktb9a
lenovo/thinkcentre_m818z_firmware
< m1ekt23a
lenovo/thinkcentre_m83_firmware
< fbktdfa
... and 10 more
Published
Nov 12, 2021
Tracked Since
Feb 18, 2026