Description
A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://support.lenovo.com/us/en/product_security/LEN-67440
Scores
CVSS v3
4.4
EPSS
0.0004
EPSS Percentile
13.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (50)
lenovo/ideapad_s940-14iwl_firmware
< 12.0.81.1753
lenovo/ideapad_yoga_s940-14iwl_firmware
< 12.0.81.1753
lenovo/thinkpad_10_firmware
< 2021-10-25
lenovo/thinkpad_11e_3rd_gen_firmware
< 2021-10-31
lenovo/thinkpad_11e_4th_gen_firmware
< 2021-10-31
lenovo/thinkpad_11e_yoga_gen_6_firmware
< 2021-10-31
lenovo/thinkpad_13_gen_2_firmware
< 2021-10-31
lenovo/thinkpad_25_firmware
< n1qet92w
lenovo/thinkpad_e14_firmware
< 2021-10-15
lenovo/thinkpad_e14_gen_2_firmware
< 2021-10-15
... and 40 more
Published
Nov 12, 2021
Tracked Since
Feb 18, 2026