CVE-2021-3719 - OpenCVE

A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	Thinkcentre M93 Thinkstation P700 Firmware Thinkstation P900 Firmware Thinkcentre M73p Thinkcentre M900x Thinkcentre M73p Firmware Thinkstation P700 Thinkcentre M73 Firmware Thinkcentre X1 Firmware Thinkcentre M800 Firmware Thinkstation P500 Firmware Thinkcentre M800 Thinkstation P500 Thinkstation P900 Thinkcentre M93 Firmware Thinkcentre E93 Firmware Thinkcentre M93p Firmware Thinkcentre M83 Firmware Thinkcentre M700 Tiny Thinkcentre M900 Thinkcentre M6500t\/s Thinkstation P300 Firmware Thinkcentre E93 Thinkcentre M700 Tiny Firmware Thinkcentre M4500q Firmware Thinkcentre M6500t\/s Firmware Thinkcentre M900 Firmware Thinkcentre M818z Firmware Thinkcentre M900x Firmware Thinkcentre M8500t\/s Firmware Thinkstation P300 Thinkcentre M4500q Thinkcentre M818z Thinkcentre M8500t\/s Thinkcentre M73 Thinkcentre M83 Thinkcentre M93p Thinkcentre M600 Thinkcentre X1 Thinkcentre M600 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_e93_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_e93:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m600:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m700_tiny_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m700_tiny:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m73_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m73:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m73p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m73p:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m800:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m818z_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m818z:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m83_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m83:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m900:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m900x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m900x:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m93_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m93:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m93p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m93p:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m4500q_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m4500q:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m6500t\/s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m6500t\/s:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m8500t\/s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m8500t\/s:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_x1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_x1:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:lenovo:thinkstation_p300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_p300:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:lenovo:thinkstation_p500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_p500:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lenovo:thinkstation_p700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_p700:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:lenovo:thinkstation_p900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_p900:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-67440	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2021-11-12T22:05:36

Updated: 2021-11-12T22:05:36

Reserved: 2021-08-18T00:00:00

Link: CVE-2021-3719

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-11-12T22:15:07.957

Modified: 2021-11-19T21:57:13.783

Link: CVE-2021-3719

JSON object: View

Redhat Information

No data.

CWE