CVE-2021-3843
moderate-risk
Published 2021-11-12
A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Do I need to act?
0.04% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 6.7/10 · Medium
LOCAL / LOW complexity
Affected Products (20)
ThinkPad 11E 3rd Gen Firmware
ThinkPad 11E 3rd Gen Firmware
ThinkPad 11E 4th Gen I3 Firmware
ThinkPad 11E 4th Gen I7 Firmware
ThinkPad 11E 4th Gen I5 Firmware
ThinkPad 11E 4th Gen Celeron Firmware
ThinkPad 11E Yoga Gen 6 Firmware
ThinkPad 13 Gen 2 Firmware
ThinkPad L13 Firmware
ThinkPad L13 Gen 2 Firmware
ThinkPad L13 Gen 2 Firmware
ThinkPad L13 Yoga Firmware
ThinkPad L13 Yoga Gen 2 Firmware
ThinkPad L13 Yoga Gen 2 Firmware
ThinkPad L14 Gen 1 Firmware
ThinkPad L14 Firmware
ThinkPad L15 Gen 1 Firmware
ThinkPad L15 Firmware
ThinkPad L380 Firmware
ThinkPad L380 Yoga Firmware
Affected Vendors
References (2)
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-72619
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-72619
44 / 100
moderate-risk
Severity
21/34 · High
Exploitability
0/34 · Minimal
Exposure
23/34 · High