1. Home
  2. CVE Database
  3. CVE-2021-3843
MEDIUM · 6.7

CVE-2021-3843

A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Vulnerability Description

A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
LenovoThinkpad 11E 3Rd Gen Firmware<= 1.22
LenovoThinkpad 11E 3Rd Gen-
LenovoThinkpad 11E 4Th Gen I3 Firmware<= 1.22
LenovoThinkpad 11E 4Th Gen I3-
LenovoThinkpad 11E 4Th Gen I7 Firmware<= 1.22
LenovoThinkpad 11E 4Th Gen I7-
LenovoThinkpad 11E 4Th Gen I5 Firmware<= 1.22
LenovoThinkpad 11E 4Th Gen I5-
LenovoThinkpad 11E 4Th Gen Celeron Firmware<= 1.27
LenovoThinkpad 11E 4Th Gen Celeron-
LenovoThinkpad 11E Yoga Gen 6 Firmware<= 1.12
LenovoThinkpad 11E Yoga Gen 6-
LenovoThinkpad 13 Gen 2 Firmware<= 1.29
LenovoThinkpad 13 Gen 2-
LenovoThinkpad L13 Firmware<= 1.31
LenovoThinkpad L13-
LenovoThinkpad L13 Gen 2 Firmware<= 1.11
LenovoThinkpad L13 Gen 2-
LenovoThinkpad L13 Yoga Firmware<= 1.31
LenovoThinkpad L13 Yoga-

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2021-3843?

CVE-2021-3843 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

How severe is CVE-2021-3843?

CVE-2021-3843 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3843?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkpad 11E 3Rd Gen Firmware, Lenovo Thinkpad 11E 3Rd Gen, Lenovo Thinkpad 11E 4Th Gen I3 Firmware, Lenovo Thinkpad 11E 4Th Gen I3, Lenovo Thinkpad 11E 4Th Gen I7 Firmware.