CVE-2021-3719
Summary
| CVE | CVE-2021-3719 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-11-12 22:15:00 UTC |
| Updated | 2021-11-19 21:57:00 UTC |
| Description | A potential vulnerability in the SMI callback function that saves and restores boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Lenovo | Thinkcentre E93 | - | All | All | All |
| Operating System | Lenovo | Thinkcentre E93 Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkcentre M4500q | - | All | All | All |
| Operating System | Lenovo | Thinkcentre M4500q Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkcentre M600 | - | All | All | All |
| Operating System | Lenovo | Thinkcentre M600 Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkcentre M6500t/s | - | All | All | All |
| Operating System | Lenovo | Thinkcentre M6500t/s Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkcentre M700 Tiny | - | All | All | All |
| Operating System | Lenovo | Thinkcentre M700 Tiny Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkcentre M73 | - | All | All | All |
| Hardware | Lenovo | Thinkcentre M73p | - | All | All | All |
| Operating System | Lenovo | Thinkcentre M73p Firmware | All | All | All | All |
| Operating System | Lenovo | Thinkcentre M73 Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkcentre M800 | - | All | All | All |
| Operating System | Lenovo | Thinkcentre M800 Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkcentre M818z | - | All | All | All |
| Operating System | Lenovo | Thinkcentre M818z Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkcentre M83 | - | All | All | All |
| Operating System | Lenovo | Thinkcentre M83 Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkcentre M8500t/s | - | All | All | All |
| Operating System | Lenovo | Thinkcentre M8500t/s Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkcentre M900 | - | All | All | All |
| Hardware | Lenovo | Thinkcentre M900x | - | All | All | All |
| Operating System | Lenovo | Thinkcentre M900x Firmware | All | All | All | All |
| Operating System | Lenovo | Thinkcentre M900 Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkcentre M93 | - | All | All | All |
| Hardware | Lenovo | Thinkcentre M93p | - | All | All | All |
| Operating System | Lenovo | Thinkcentre M93p Firmware | All | All | All | All |
| Operating System | Lenovo | Thinkcentre M93 Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkcentre X1 | - | All | All | All |
| Operating System | Lenovo | Thinkcentre X1 Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkstation P300 | - | All | All | All |
| Operating System | Lenovo | Thinkstation P300 Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkstation P500 | - | All | All | All |
| Operating System | Lenovo | Thinkstation P500 Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkstation P700 | - | All | All | All |
| Operating System | Lenovo | Thinkstation P700 Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkstation P900 | - | All | All | All |
| Operating System | Lenovo | Thinkstation P900 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Multi-vendor BIOS Security Vulnerabilities (September 2021) - Lenovo Support DE | CONFIRM | support.lenovo.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Lenovo thanks Jiawei Yin (@yngweijw), Menghao Li, and Chengxi, Chen of IIE varas for reporting this issue.
There are currently no legacy QID mappings associated with this CVE.