CVE-2021-3786 Vulnerability Details

  /     /     /  

CVE-2021-3786 Metadata Quick Info

CVE Published: 12/11/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: lenovo | Vendor: Lenovo | Product: Notebook and ThinkPad BIOS
Status : PUBLISHED

---

CVE-2021-3786 Description

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.

Metrics

CVSS Version: 3.1 | Base Score: 4.4 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* HIGH
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* NONE
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-20
CWE Name: CWE-20 Improper Input Validation
Source: Lenovo

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).