Lucene search

[email protected]CVE-2021-3786

HistoryNov 12, 2021 - 10:15 p.m.

CVE-2021-3786

2021-11-1222:15:08

CWE-20

[email protected]

web.nvd.nist.gov

cve-2021-3786

vulnerability

smi callback function

csme configuration

lenovo

notebook

thinkpad

data leak

smram

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.

Affected configurations

NVD

Node

lenovothinkpad_x380_yoga_firmwareRange<2020-10-31

AND

lenovothinkpad_x380_yogaMatch-

Node

lenovothinkpad_x1_fold_gen_1_firmwareRange<2021-10-29

AND

lenovothinkpad_x1_fold_gen_1Match-

Node

lenovothinkpad_yoga_260_firmwareRange<2021-10-25

AND

lenovothinkpad_yoga_260Match-

Node

lenovothinkpad_yoga_11e_3rd_gen_firmwareRange<2021-10-31

AND

lenovothinkpad_yoga_11e_3rd_genMatch-

Node

lenovothinkpad_yoga_15_firmwareRange<n19et66w

AND

lenovothinkpad_yoga_15Match-

Node

lenovothinkpad_yoga_370Match-

AND

lenovothinkpad_yoga_370_firmwareRange<2021-10-31

Node

lenovothinkpad_x12_detachable_gen_1Match-

AND

lenovothinkpad_x12_detachable_gen_1_firmwareRange<2021-10-31

Node

lenovothinkpad_x390Match-

AND

lenovothinkpad_x390_firmwareRange<n2jet96w

Node

lenovothinkpad_yoga_11e_4th_genMatch-

AND

lenovothinkpad_yoga_11e_4th_gen_firmwareRange<2021-10-31

Node

lenovothinkpad_yoga_11e_5th_genMatch-

AND

lenovothinkpad_yoga_11e_5th_gen_firmwareRange<2021-10-31geminilake-r

Node

lenovothinkpad_x250Match-

AND

lenovothinkpad_x250_firmwareRange<2021-10-31

Node

lenovothinkpad_x260Match-

AND

lenovothinkpad_x260_firmwareRange<2021-10-31

Node

lenovothinkpad_x390_yogaMatch-

AND

lenovothinkpad_x390_yoga_firmwareRange<n2let87w

Node

lenovothinkpad_x280_firmwareRange<n20et58w

AND

lenovothinkpad_x280Match-

Node

lenovothinkpad_x1_titanium_firmwareRange<n2met51w

AND

lenovothinkpad_x1_titaniumMatch-

Node

lenovothinkpad_x270_firmwareRange<2021-10-29

AND

lenovothinkpad_x270Match-

Node

lenovothinkpad_x1_carbon_5th_gen_kabylake_firmwareRange<n1met66w

AND

lenovothinkpad_x1_carbon_5th_gen_kabylakeMatch-

Node

lenovothinkpad_x13_gen_1_firmwareRange<n2yet31w

AND

lenovothinkpad_x13_gen_1Match-

Node

lenovothinkpad_x13_gen_2_firmwareRange<n35et41w

AND

lenovothinkpad_x13_gen_2Match-

Node

lenovothinkpad_x13_yoga_gen_1_firmwareRange<n2uet56w

AND

lenovothinkpad_x13_yoga_gen_1Match-

Node

lenovothinkpad_x13_yoga_gen_2_firmwareRange<n39et47w

AND

lenovothinkpad_x13_yoga_gen_2Match-

Node

lenovothinkpad_x1_carbon_5th_gen_skylake_firmwareRange<n1met66w

AND

lenovothinkpad_x1_carbon_5th_gen_skylakeMatch-

Node

lenovothinkpad_x1_yoga_1st_gen_firmwareRange<n1fet76w

AND

lenovothinkpad_x1_yoga_1st_genMatch-

Node

lenovothinkpad_x1_yoga_3rd_gen_firmwareRange<n25et57w

AND

lenovothinkpad_x1_yoga_3rd_genMatch-

Node

lenovothinkpad_x1_yoga_4th_gen_firmwareRange<n2het64w

AND

lenovothinkpad_x1_yoga_4th_genMatch-

Node

lenovothinkpad_x1_yoga_gen_5_firmwareRange<n2wet30w

AND

lenovothinkpad_x1_yoga_gen_5Match-

Node

lenovothinkpad_x1_carbon_4th_gen_firmwareRange<n1fet76w

AND

lenovothinkpad_x1_carbon_4th_genMatch-

Node

lenovothinkpad_10_firmwareRange<2021-10-25

AND

lenovothinkpad_10Match-

Node

lenovothinkpad_x1_nano_gen_1_firmwareRange<n2tet67w

AND

lenovothinkpad_x1_nano_gen_1Match-

Node

lenovothinkpad_x1_extreme_firmwareRange<n2eet54w

AND

lenovothinkpad_x1_extremeMatch-

Node

lenovothinkpad_x1_extreme_2nd_firmwareRange<n2oet53w

AND

lenovothinkpad_x1_extreme_2ndMatch-

Node

lenovothinkpad_x1_extreme_gen_3_firmwareRange<n2vet33w

AND

lenovothinkpad_x1_extreme_gen_3Match-

Node

lenovothinkpad_t460s_firmwareRange<n1cet84w

AND

lenovothinkpad_t460sMatch-

Node

lenovothinkpad_s2_gen_6_firmwareRange<2021-10-31

AND

lenovothinkpad_s2_gen_6Match-

Node

lenovothinkpad_x1_carbon_gen_6_firmwareRange<n23et78w

AND

lenovothinkpad_x1_carbon_gen_6Match-

Node

lenovothinkpad_x1_carbon_gen_7_firmwareRange<n2het64w

AND

lenovothinkpad_x1_carbon_gen_7Match-

Node

lenovothinkpad_x1_carbon_gen_8_firmwareRange<n2het64w

AND

lenovothinkpad_x1_carbon_gen_8Match-

Node

lenovothinkpad_t560_firmwareRange<n1ket52w

AND

lenovothinkpad_t560Match-

Node

lenovothinkpad_t460p_firmwareRange<2021-10-29

AND

lenovothinkpad_t460pMatch-

Node

lenovothinkpad_w550s_firmwareRange<n11et54w

AND

lenovothinkpad_w550sMatch-

Node

lenovothinkpad_t590_firmwareRange<n2iet96w

AND

lenovothinkpad_t590Match-

Node

lenovothinkpad_t570_firmwareRange<n1vet57w

AND

lenovothinkpad_t570Match-

Node

lenovothinkpad_s2_yoga_gen_6_firmwareRange<2021-10-31

AND

lenovothinkpad_s2_yoga_gen_6Match-

Node

lenovothinkpad_t480_firmwareRange<n24et65w

AND

lenovothinkpad_t480Match-

Node

lenovothinkpad_x1_tablet_firmwareRange<n1let92w

AND

lenovothinkpad_x1_tabletMatch-

Node

lenovothinkpad_t550_firmwareRange<n11et54w

AND

lenovothinkpad_t550Match-

Node

lenovothinkpad_x1_carbon_3rd_gen_firmwareRange<n14et56w

AND

lenovothinkpad_x1_carbon_3rd_genMatch-

Node

lenovothinkpad_x1_tablet_gen_2_firmwareRange<n1oet56w

AND

lenovothinkpad_x1_tablet_gen_2Match-

Node

lenovothinkpad_x1_tablet_gen_3_firmwareRange<2021-10-29

AND

lenovothinkpad_x1_tablet_gen_3Match-

Node

lenovothinkpad_t580_firmwareRange<n27et43w

AND

lenovothinkpad_t580Match-

Node

lenovothinkpad_t480s_firmwareRange<n22et70w

AND

lenovothinkpad_t480sMatch-

Node

lenovothinkpad_t15_firmwareRange<n2xet32w

AND

lenovothinkpad_t15Match-

Node

lenovothinkpad_t460_firmwareRange<2021-10-31

AND

lenovothinkpad_t460Match-

Node

lenovothinkpad_t470_firmwareRange<n1qet92w

AND

lenovothinkpad_t470Match-

Node

lenovothinkpad_t490_firmwareRange<n2iet96w

AND

lenovothinkpad_t490Match-

Node

lenovothinkpad_t490s_firmwareRange<n2iet96w

AND

lenovothinkpad_t490sMatch-

Node

lenovothinkpad_t14s_gen_2_firmwareRange<n35et41w

AND

lenovothinkpad_t14s_gen_2Match-

Node

lenovothinkpad_t14s_firmwareRange<2021-10-15

AND

lenovothinkpad_t14sMatch-

Node

lenovothinkpad_t470p_firmwareRange<r0fet55w

AND

lenovothinkpad_t470pMatch-

Node

lenovothinkpad_t470s_firmwareRange<2021-10-29

AND

lenovothinkpad_t470sMatch-

Node

lenovothinkpad_p71_firmwareRange<2021-10-29

AND

lenovothinkpad_p71Match-

Node

lenovothinkpad_t440p_firmwareRange<2021-10-29

AND

lenovothinkpad_t440pMatch-

Node

lenovothinkpad_t15_gen_2_firmwareRange<n34et42w

AND

lenovothinkpad_t15_gen_2Match-

Node

lenovothinkpad_t15p_gen_1_firmwareRange<2021-10-29

AND

lenovothinkpad_t15p_gen_1Match-

Node

lenovothinkpad_p70_firmwareRange<n1detb2w

AND

lenovothinkpad_p70Match-

Node

lenovothinkpad_t15g_gen_1_firmwareRange<2021-10-29

AND

lenovothinkpad_t15g_gen_1Match-

Node

lenovothinkpad_t14_gen_1_firmwareRange<n2xet32w

AND

lenovothinkpad_t14_gen_1Match-

Node

lenovothinkpad_t14_gen_2_firmwareRange<n34et42w

AND

lenovothinkpad_t14_gen_2Match-

Node

lenovothinkpad_p73_firmwareRange<n2net47w

AND

lenovothinkpad_p73Match-

Node

lenovothinkpad_s540_firmwareRange<2021-10-25

AND

lenovothinkpad_s540Match-

Node

lenovothinkpad_p72_firmwareRange<n2cet60w

AND

lenovothinkpad_p72Match-

Node

lenovothinkpad_l380_firmwareRange<2021-10-31

AND

lenovothinkpad_l380Match-

Node

lenovothinkpad_s5_2nd_gen_firmwareRange<2021-10-31

AND

lenovothinkpad_s5_2nd_genMatch-

Node

lenovothinkpad_p15v_gen_1_firmwareRange<2021-10-29

AND

lenovothinkpad_p15v_gen_1Match-

Node

lenovothinkpad_p53_firmwareRange<n2net47w

AND

lenovothinkpad_p53Match-

Node

lenovothinkpad_p53s_firmwareRange<n2iet96w

AND

lenovothinkpad_p53sMatch-

Node

lenovothinkpad_p43s_firmwareRange<n2iet96w

AND

lenovothinkpad_p43sMatch-

Node

lenovothinkpad_p51Match-

AND

lenovothinkpad_p51_firmwareRange<n1uet82w

Node

lenovothinkpad_p51sMatch-

AND

lenovothinkpad_p51s_firmwareRange<n1vet57w

Node

lenovothinkpad_p50Match-

AND

lenovothinkpad_p50_firmwareRange<n1eet92w

Node

lenovothinkpad_p52Match-

AND

lenovothinkpad_p52_firmwareRange<n2cet60w

Node

lenovothinkpad_p52sMatch-

AND

lenovothinkpad_p52s_firmwareRange<n27et43w

Node

lenovothinkpad_p50sMatch-

AND

lenovothinkpad_p50s_firmwareRange<n1ket52w

Node

lenovothinkpad_l570Match-

AND

lenovothinkpad_l570_firmwareRange<n1xet74w

Node

lenovothinkpad_p17_gen_1Match-

AND

lenovothinkpad_p17_gen_1_firmwareRange<2021-10-29

Node

lenovothinkpad_l580_firmwareRange<2021-10-15

AND

lenovothinkpad_l580Match-

Node

lenovothinkpad_p14s_gen_1_firmwareRange<n2xet32w

AND

lenovothinkpad_p14s_gen_1Match-

Node

lenovothinkpad_p14s_gen_2_firmwareRange<n34et42w

AND

lenovothinkpad_p14s_gen_2Match-

Node

lenovothinkpad_p15_gen_1_firmwareRange<2021-10-29

AND

lenovothinkpad_p15_gen_1Match-

Node

lenovothinkpad_p15s_gen_1_firmwareRange<n2xet32w

AND

lenovothinkpad_p15s_gen_1Match-

Node

lenovothinkpad_p15s_gen_2_firmwareRange<n34et42w

AND

lenovothinkpad_p15s_gen_2Match-

Node

lenovothinkpad_l590_firmwareRange<2021-10-15

AND

lenovothinkpad_l590Match-

Node

lenovothinkpad_l380_yoga_firmwareRange<2021-10-31

AND

lenovothinkpad_l380_yogaMatch-

Node

lenovothinkpad_l490_firmwareRange<2021-10-15

AND

lenovothinkpad_l490Match-

Node

lenovothinkpad_l560_firmwareRange<n1het92w

AND

lenovothinkpad_l560Match-

Node

lenovothinkpad_p1_firmwareRange<n2eet54w

AND

lenovothinkpad_p1Match-

Node

lenovothinkpad_p1_gen_2_firmwareRange<n2oet53w

AND

lenovothinkpad_p1_gen_2Match-

Node

lenovothinkpad_p1_gen_3_firmwareRange<n2vet33w

AND

lenovothinkpad_p1_gen_3Match-

Node

lenovothinkpad_l480_firmwareRange<2021-10-15

AND

lenovothinkpad_l480Match-

Node

lenovothinkpad_l470_firmwareRange<2021-10-15

AND

lenovothinkpad_l470Match-

Node

lenovothinkpad_l460_firmwareRange<2021-10-15

AND

lenovothinkpad_l460Match-

Node

lenovothinkpad_e490_firmwareRange<2021-10-15

AND

lenovothinkpad_e490Match-

Node

lenovothinkpad_helix_firmwareRange<n17etb6w

AND

lenovothinkpad_helixMatch-

Node

lenovothinkpad_l390_firmwareRange<2021-10-31

AND

lenovothinkpad_l390Match-

Node

lenovothinkpad_l390_yoga_firmwareRange<2021-10-31

AND

lenovothinkpad_l390_yogaMatch-

Node

lenovothinkpad_e15_gen_3_firmwareRange<2021-10-15

AND

lenovothinkpad_e15_gen_3Match-

Node

lenovothinkpad_l14_firmwareRange<2021-10-15

AND

lenovothinkpad_l14Match-

Node

lenovothinkpad_l13_gen_2_firmwareRange<2021-10-31

AND

lenovothinkpad_l13_gen_2Match-

Node

lenovothinkpad_l15_firmwareRange<2021-10-15

AND

lenovothinkpad_l15Match-

Node

lenovothinkpad_l15_gen_2_firmwareRange<2021-10-15

AND

lenovothinkpad_l15_gen_2Match-

Node

lenovothinkpad_l13_firmwareRange<2021-10-31

AND

lenovothinkpad_l13Match-

Node

lenovothinkpad_e14_gen_3_firmwareRange<2021-10-15

AND

lenovothinkpad_e14_gen_3Match-

Node

lenovothinkpad_e590_firmwareRange<2021-10-15

AND

lenovothinkpad_e590Match-

Node

lenovothinkpad_e580_firmwareRange<2021-10-15

AND

lenovothinkpad_e580Match-

Node

lenovothinkpad_l13_yoga_gen_2_firmwareRange<2021-10-31

AND

lenovothinkpad_l13_yoga_gen_2Match-

Node

lenovothinkpad_e570_firmwareRange<2021-10-15

AND

lenovothinkpad_e570Match-

Node

lenovothinkpad_l13_yoga_firmwareRange<2021-10-31

AND

lenovothinkpad_l13_yogaMatch-

Node

lenovothinkpad_11e_3rd_gen_firmwareRange<2021-10-31

AND

lenovothinkpad_11e_3rd_genMatch-

Node

lenovothinkpad_e480_firmwareRange<2021-10-15

AND

lenovothinkpad_e480Match-

Node

lenovothinkpad_e14_firmwareRange≤2021-10-15

AND

lenovothinkpad_e14Match-

Node

lenovothinkpad_e470_firmwareRange<2021-10-15

AND

lenovothinkpad_e470Match-

Node

lenovothinkpad_e15_firmwareRange<2021-10-15

AND

lenovothinkpad_e15Match-

Node

lenovothinkpad_e15_gen_2_firmwareRange<2021-10-15

AND

lenovothinkpad_e15_gen_2Match-

Node

lenovothinkpad_25_firmwareRange<n1qet92w

AND

lenovothinkpad_25Match-

Node

lenovothinkpad_e14_gen_2_firmwareRange<2021-10-15

AND

lenovothinkpad_e14_gen_2Match-

Node

lenovothinkpad_13_gen_2_firmwareRange<2021-10-31

AND

lenovothinkpad_13_gen_2Match-

Node

lenovothinkpad_11e_4th_gen_firmwareRange<2021-10-31

AND

lenovothinkpad_11e_4th_genMatch-

Node

lenovothinkpad_11e_yoga_gen_6_firmwareRange<2021-10-31

AND

lenovothinkpad_11e_yoga_gen_6Match-

Node

lenovoideapad_s940-14iwl_firmwareRange≤12.0.81.1753

AND

lenovoideapad_s940-14iwlMatch-

Node

lenovoideapad_yoga_s940-14iwl_firmwareRange≤12.0.81.1753

AND

lenovoideapad_yoga_s940-14iwlMatch-

Node

lenovov330-15isk_firmwareRange≤11.8.86.3877

AND

lenovov330-15iskMatch-

Node

lenovov330-15ikb_firmwareRange≤11.8.86.3877

AND

lenovov330-15ikbMatch-

Node

lenovov130-15igm_firmwareRange≤6vcn42ww

AND

lenovov130-15igmMatch-

Node

lenovothinkpad_x1_yoga_4th_gen_firmwareRange<n2qet42w

AND

lenovothinkpad_x1_yoga_4th_genMatch-

Node

lenovothinkpad_x1_carbon_gen_7_firmwareRange<n2qet42w

AND

lenovothinkpad_x1_carbon_gen_7Match-

Node

lenovothinkpad_x1_carbon_gen_8_firmwareRange<n2qet42w

AND

lenovothinkpad_x1_carbon_gen_8Match-

CPENameOperatorVersion
lenovo:thinkpad_x380_yoga_firmwarelenovo thinkpad x380 yoga firmwarelt2020-10-31

CPE	Name	Operator	Version
lenovo:thinkpad_x380_yoga_firmware	lenovo thinkpad x380 yoga firmware	lt	2020-10-31

CNA Affected

[
  {
    "product": "Notebook and ThinkPad BIOS",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-67440

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2021-3786

cvelist1 nvd1 prion1