CVE-2021-3843 - OpenCVE

A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	Thinkpad 11e 4th Gen Celeron Thinkpad L15 Thinkpad S2 Gen 6 Thinkpad T460 Thinkpad 11e 4th Gen I5 Firmware Thinkpad X1 Fold Gen 1 Thinkpad L15 Firmware Thinkpad 11e 4th Gen Celeron Firmware Thinkpad L14 Firmware Thinkpad 11e Yoga Gen 6 Firmware Thinkpad X12 Detachable Gen 1 Firmware Thinkpad L13 Yoga Thinkpad L380 Yoga Firmware Thinkpad 13 Gen 2 Firmware Thinkpad X390 Yoga Firmware Thinkpad 11e 5th Gen Thinkpad L380 Yoga Thinkpad 11e 4th Gen I5 Thinkpad 11e 4th Gen I3 Firmware Thinkpad L390 Yoga Firmware Thinkpad 11e 4th Gen I7 Thinkpad 11e 4th Gen I3 Thinkpad L13 Firmware Thinkpad L14 Thinkpad L380 Thinkpad L13 Thinkpad S5 2nd Gen Firmware Thinkpad L13 Yoga Gen 2 Thinkpad 11e Yoga Gen 6 Thinkpad L14 Gen 1 Thinkpad L15 Gen 1 Thinkpad X260 Thinkpad L390 Thinkpad 11e 5th Gen Firmware Thinkpad L15 Gen 1 Firmware Thinkpad L13 Gen 2 Firmware Thinkpad L380 Firmware Thinkpad X380 Yoga Thinkpad X1 Fold Gen 1 Firmware Thinkpad X390 Yoga Thinkpad L13 Gen 2 Thinkpad 11e 3rd Gen Thinkpad X12 Detachable Gen 1 Thinkpad 11e 4th Gen I7 Firmware Thinkpad S2 Yoga Gen 6 Firmware Thinkpad Yoga 370 Thinkpad 11e 3rd Gen Firmware Thinkpad 13 Gen 2 Thinkpad X380 Yoga Firmware Thinkpad L390 Firmware Thinkpad L13 Yoga Gen 2 Firmware Thinkpad S5 2nd Gen Thinkpad S2 Gen 6 Firmware Thinkpad L14 Gen 1 Firmware Thinkpad T460 Firmware Thinkpad S2 Yoga Gen 6 Thinkpad X260 Firmware Thinkpad L13 Yoga Firmware Thinkpad L390 Yoga

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:thinkpad_11e_3rd_gen_firmware:*:*:*:*:braswell:*:*:*

cpe:2.3:h:lenovo:thinkpad_11e_3rd_gen:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:thinkpad_11e_3rd_gen_firmware:*:*:*:*:skylate:*:*:*

cpe:2.3:h:lenovo:thinkpad_11e_3rd_gen:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:thinkpad_11e_4th_gen_i3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_11e_4th_gen_i3:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:thinkpad_11e_4th_gen_i7_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_11e_4th_gen_i7:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:lenovo:thinkpad_11e_4th_gen_i5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_11e_4th_gen_i5:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:lenovo:thinkpad_11e_4th_gen_celeron_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_11e_4th_gen_celeron:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:lenovo:thinkpad_11e_yoga_gen_6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_11e_yoga_gen_6:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:lenovo:thinkpad_13_gen_2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_13_gen_2:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l13_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_l13:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l13_gen_2_firmware:*:*:*:*:non-vpro:*:*:*

cpe:2.3:h:lenovo:thinkpad_l13_gen_2:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l13_gen_2_firmware:*:*:*:*:vpro:*:*:*

cpe:2.3:h:lenovo:thinkpad_l13_gen_2:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l13_yoga_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_l13_yoga:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l13_yoga_gen_2_firmware:*:*:*:*:non-vpro:*:*:*

cpe:2.3:h:lenovo:thinkpad_l13_yoga_gen_2:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l13_yoga_gen_2_firmware:*:*:*:*:vpro:*:*:*

cpe:2.3:h:lenovo:thinkpad_l13_yoga_gen_2:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l14_gen_1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_l14_gen_1:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l14_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_l14:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l15_gen_1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_l15_gen_1:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_l15:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l380_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_l380:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l380_yoga_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_l380_yoga:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l390_yoga_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_l390_yoga:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l390_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_l390:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:lenovo:thinkpad_s5_2nd_gen_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_s5_2nd_gen:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t460_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t460:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:lenovo:thinkpad_s2_gen_6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_s2_gen_6:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:lenovo:thinkpad_s2_yoga_gen_6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_6:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x12_detachable_gen_1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x12_detachable_gen_1:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x260_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x260:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x380_yoga_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x380_yoga:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x390_yoga_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x390_yoga:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:lenovo:thinkpad_11e_5th_gen_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_11e_5th_gen:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:lenovo:thinkpad_11e_5th_gen_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_yoga_370:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_fold_gen_1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_fold_gen_1:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-72619	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2021-11-12T22:05:56

Updated: 2021-11-12T22:05:56

Reserved: 2021-09-30T00:00:00

Link: CVE-2021-3843

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-11-12T22:15:08.580

Modified: 2021-11-23T02:03:09.027

Link: CVE-2021-3843

JSON object: View

Redhat Information

No data.

CWE