Vulnerabilities > CVE-2021-3452 - Unspecified vulnerability in Lenovo Bios

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

lenovo

NVD

Published: 2021-07-16

Updated: 2021-07-27

Summary

A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
OS	Lenovo Lenovo Bios -	1
Hardware	Lenovo Lenovo Thinkpad 11E 3RD GEN - Lenovo Thinkpad 11E 4TH GEN - Lenovo Thinkpad 11E 5TH GEN - Lenovo Thinkpad 11E Yoga GEN 6 - Lenovo Thinkpad 13 GEN 2 - Lenovo Thinkpad E14 GEN 2 - Lenovo Thinkpad E15 GEN 2 - Lenovo Thinkpad L13 - Lenovo Thinkpad L13 GEN 2 - Lenovo Thinkpad L13 Yoga - Lenovo Thinkpad L13 Yogo GEN 2 - Lenovo Thinkpad T460 - Lenovo Thinkpad X260 - Lenovo Thinkpad L380 Yoga - Lenovo Thinkpad L380 - Lenovo Thinkpad Yoga 370 - Lenovo Thinkpad X380 Yoga - Lenovo Thinkpad L390 Yoga - Lenovo Thinkpad L390 - Lenovo Thinkpad Yoga 11E 3RD GEN - Lenovo Thinkpad Yoga 11E 4TH GEN - Lenovo Thinkpad L14 GEN 2 - Lenovo Thinkpad L15 GEN 2 - Lenovo Thinkpad L14 - Lenovo Thinkpad L15 - Lenovo Thinkpad X12 Detachable GEN 1 -	26

References

https://support.lenovo.com/us/en/product_security/LEN-65529