7.2

CVE-2021-3843

A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Data is provided by the National Vulnerability Database (NVD)
Lenovo Thinkpad 11e 3rd Gen Firmware, SwEdition braswell, Version <= 1.22
   Lenovo Thinkpad 11e 3rd Gen, Version -
Lenovo Thinkpad 11e 3rd Gen Firmware, SwEdition skylate, Version <= 1.29
   Lenovo Thinkpad 11e 3rd Gen, Version -
Lenovo Thinkpad 13 Gen 2 Firmware, Version <= 1.29
   Lenovo Thinkpad 13 Gen 2, Version -
Lenovo Thinkpad L13 Firmware, Version <= 1.31
   Lenovo Thinkpad L13, Version -
Lenovo Thinkpad L13 Gen 2 Firmware, SwEdition non-vpro, Version <= 1.11
   Lenovo Thinkpad L13 Gen 2, Version -
Lenovo Thinkpad L13 Gen 2 Firmware, SwEdition vpro, Version <= 1.08
   Lenovo Thinkpad L13 Gen 2, Version -
Lenovo Thinkpad L13 Yoga Firmware, Version <= 1.31
   Lenovo Thinkpad L13 Yoga, Version -
Lenovo Thinkpad L13 Yoga Gen 2 Firmware, SwEdition non-vpro, Version <= 1.11
   Lenovo Thinkpad L13 Yoga Gen 2, Version -
Lenovo Thinkpad L13 Yoga Gen 2 Firmware, SwEdition vpro, Version <= 1.08
   Lenovo Thinkpad L13 Yoga Gen 2, Version -
Lenovo Thinkpad L14 Gen 1 Firmware, Version < 1.15
   Lenovo Thinkpad L14 Gen 1, Version -
Lenovo Thinkpad L14 Firmware, Version < 1.20.1.17
   Lenovo Thinkpad L14, Version -
Lenovo Thinkpad L15 Gen 1 Firmware, Version < 1.15
   Lenovo Thinkpad L15 Gen 1, Version -
Lenovo Thinkpad L15 Firmware, Version < 1.20.1.17
   Lenovo Thinkpad L15, Version -
Lenovo Thinkpad L380 Firmware, Version <= 1.26
   Lenovo Thinkpad L380, Version -
Lenovo Thinkpad L380 Yoga Firmware, Version <= 1.26
   Lenovo Thinkpad L380 Yoga, Version -
Lenovo Thinkpad L390 Yoga Firmware, Version <= 1.35
   Lenovo Thinkpad L390 Yoga, Version -
Lenovo Thinkpad L390 Firmware, Version <= 1.35
   Lenovo Thinkpad L390, Version -
Lenovo Thinkpad S5 2nd Gen Firmware, Version <= 1.28
   Lenovo Thinkpad S5 2nd Gen, Version -
Lenovo Thinkpad T460 Firmware, Version <= 1.43.1.11
   Lenovo Thinkpad T460, Version -
Lenovo Thinkpad S2 Gen 6 Firmware, Version <= 2021-09-30
   Lenovo Thinkpad S2 Gen 6, Version -
Lenovo Thinkpad S2 Yoga Gen 6 Firmware, Version <= 2021-09-30
   Lenovo Thinkpad S2 Yoga Gen 6, Version -
Lenovo Thinkpad X260 Firmware, Version <= 1.47/1.15
   Lenovo Thinkpad X260, Version -
Lenovo Thinkpad X380 Yoga Firmware, Version <= 1.34
   Lenovo Thinkpad X380 Yoga, Version -
Lenovo Thinkpad X390 Yoga Firmware, Version < n2let87w
   Lenovo Thinkpad X390 Yoga, Version -
Lenovo Thinkpad 11e 5th Gen Firmware, Version <= 1.13
   Lenovo Thinkpad 11e 5th Gen, Version -
Lenovo Thinkpad 11e 5th Gen Firmware, Version <= 1.13
   Lenovo Thinkpad Yoga 370, Version -
Lenovo Thinkpad X1 Fold Gen 1 Firmware, Version < n2pet50w
   Lenovo Thinkpad X1 Fold Gen 1, Version -
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.04% | 0.078 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 7.2 | 3.9 | 10 | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| psirt@lenovo.com | 6.7 | 0.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.