Vulnerability Description
A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Thinkpad 11E 3Rd Gen Firmware | <= 1.22 |
| Lenovo | Thinkpad 11E 3Rd Gen | - |
| Microsoft | Windows 10 | - |
| Microsoft | Windows 7 | - |
| Microsoft | Windows 8.1 | - |
| Lenovo | Thinkpad 11E 4Th Gen I3 Firmware | <= 1.22 |
| Lenovo | Thinkpad 11E 4Th Gen I3 | - |
| Lenovo | Thinkpad 11E 4Th Gen I7 Firmware | <= 1.22 |
| Lenovo | Thinkpad 11E 4Th Gen I7 | - |
| Lenovo | Thinkpad 11E 4Th Gen I5 Firmware | <= 1.22 |
| Lenovo | Thinkpad 11E 4Th Gen I5 | - |
| Lenovo | Thinkpad 11E 4Th Gen Celeron Firmware | <= 1.27 |
| Lenovo | Thinkpad 11E 4Th Gen Celeron | - |
| Lenovo | Thinkpad 11E Yoga Gen 6 Firmware | <= 1.12 |
| Lenovo | Thinkpad 11E Yoga Gen 6 | - |
| Lenovo | Thinkpad 13 Gen 2 Firmware | <= 1.29 |
| Lenovo | Thinkpad 13 Gen 2 | - |
| Lenovo | Thinkpad E490 Firmware | <= 1.30 |
| Lenovo | Thinkpad E490 | - |
| Lenovo | Thinkpad E490S Firmware | <= 1.30 |
Related Weaknesses (CWE)
References
- https://support.lenovo.com/us/en/product_security/LEN-72619Vendor Advisory
- https://support.lenovo.com/us/en/product_security/LEN-72619Vendor Advisory
FAQ
What is CVE-2021-3718?
CVE-2021-3718 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.
How severe is CVE-2021-3718?
CVE-2021-3718 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-3718?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkpad 11E 3Rd Gen Firmware, Lenovo Thinkpad 11E 3Rd Gen, Microsoft Windows 10, Microsoft Windows 7, Microsoft Windows 8.1.