1. Home
  2. CVE Database
  3. CVE-2021-3452
MEDIUM · 6.7

CVE-2021-3452

A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Vulnerability Description

A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
LenovoBios-
LenovoThinkpad 11E 3Rd Gen-
LenovoThinkpad 11E 4Th Gen-
LenovoThinkpad 11E 5Th Gen-
LenovoThinkpad 11E Yoga Gen 6-
LenovoThinkpad 13 Gen 2-
LenovoThinkpad E14 Gen 2-
LenovoThinkpad E15 Gen 2-
LenovoThinkpad L13-
LenovoThinkpad L13 Gen 2-
LenovoThinkpad L13 Yoga-
LenovoThinkpad L13 Yogo Gen 2-
LenovoThinkpad L14-
LenovoThinkpad L14 Gen 2-
LenovoThinkpad L15-
LenovoThinkpad L15 Gen 2-
LenovoThinkpad L380-
LenovoThinkpad L380 Yoga-
LenovoThinkpad L390-
LenovoThinkpad L390 Yoga-

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2021-3452?

CVE-2021-3452 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

How severe is CVE-2021-3452?

CVE-2021-3452 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3452?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Bios, Lenovo Thinkpad 11E 3Rd Gen, Lenovo Thinkpad 11E 4Th Gen, Lenovo Thinkpad 11E 5Th Gen, Lenovo Thinkpad 11E Yoga Gen 6.