A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Metrics
CVSS Version: 3.1 |
Base Score: 6.7 MEDIUM Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
l➤ Exploitability Metrics: Attack Vector (AV)* LOCAL Attack Complexity (AC)* LOW Privileges Required (PR)* HIGH User Interaction (UI)* NONE Scope (S)* UNCHANGED
l➤ Impact Metrics: Confidentiality Impact (C)* HIGH Integrity Impact (I)* HIGH Availability Impact (A)* HIGH