high
7.8
CWE
276
Advisory Published
Updated

CVE-2021-3462

First published: Tue Apr 13 2021(Updated: )

A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
Lenovo Power Management Driver<1.67.17.54
Lenovo Thinkpad 11e Chromebook
Lenovo ThinkPad 11e Yoga Gen 6 Firmware
Lenovo ThinkPad 13 2nd Gen Firmware
Lenovo ThinkPad 25 Firmware
Lenovo ThinkPad A275 Firmware
Lenovo ThinkPad A285 Firmware
Lenovo ThinkPad A475 Firmware
Lenovo ThinkPad A485 Firmware
Lenovo Thinkpad E14
Lenovo Thinkpad E14 Gen 2
Lenovo ThinkPad E15
Lenovo ThinkPad E15 Gen 2
Lenovo ThinkPad E470 Firmware
Lenovo ThinkPad E470c
Lenovo ThinkPad E475 Firmware
Lenovo ThinkPad E480
Lenovo ThinkPad E490
Lenovo ThinkPad E495
Lenovo ThinkPad E570 Firmware
Lenovo ThinkPad E570c
Lenovo ThinkPad E575 Firmware
Lenovo Thinkpad E580
Lenovo ThinkPad E590
Lenovo ThinkPad E595
Lenovo ThinkPad L13
Lenovo ThinkPad L13 1st Gen Firmware
Lenovo ThinkPad L13 Gen 2 Firmware
Lenovo ThinkPad L13 Yoga Gen 1
Lenovo ThinkPad L13 Yoga Gen 1
Lenovo 13w Yoga Gen 2 Firmware
Lenovo ThinkPad L14
Lenovo ThinkPad L14
Lenovo ThinkPad L15 Gen 1 Firmware
Lenovo ThinkPad L15 Gen 2
Lenovo ThinkPad L380
Lenovo ThinkPad L380 Yoga Firmware
Lenovo Thinkpad L390 Firmware
Lenovo ThinkPad L390 Yoga Firmware
Lenovo ThinkPad L470 Firmware
Lenovo ThinkPad L480
Lenovo ThinkPad L490 Firmware
Lenovo ThinkPad L570 Firmware
Lenovo ThinkPad L580 Firmware
Lenovo ThinkPad L590 Firmware
Lenovo ThinkPad P1 Firmware
Lenovo Thinkpad P1 Gen 2
Lenovo ThinkPad P1
Lenovo ThinkPad P14s Gen 1
Lenovo ThinkPad P14s Gen 2
Lenovo ThinkPad P15 Gen 1
Lenovo ThinkPad P15s Gen 1
Lenovo ThinkPad P15s Gen 2
Lenovo Thinkpad P15v Gen 1
Lenovo ThinkPad P17 Gen 1 Firmware
Lenovo Thinkpad P43s Firmware
Lenovo ThinkPad P51
Lenovo ThinkPad P51s Firmware
Lenovo ThinkPad P52
Lenovo ThinkPad P52s Firmware
Lenovo ThinkPad P53s
Lenovo ThinkPad P53s Firmware
Lenovo ThinkPad P71 Firmware
Lenovo ThinkPad P72 Firmware
Lenovo ThinkPad P73
Lenovo ThinkPad R14
Lenovo ThinkPad R14 Gen 2 Firmware
Lenovo ThinkPad R480
Lenovo ThinkPad S1 Gen 4
Lenovo ThinkPad S2 Gen 2
Lenovo ThinkPad S2 Gen 5
Lenovo ThinkPad S2 Yoga Gen 6 Firmware
Lenovo ThinkPad S2 Yoga Gen 5
Lenovo ThinkPad S2 Yoga Gen 6 Firmware
Lenovo ThinkPad S3 2nd Gen Firmware
Lenovo ThinkPad S5 2nd Generation
Lenovo Thinkpad T14 Gen 1
Lenovo Thinkpad T14 Gen 2
Lenovo Thinkpad T14s Gen 1
Lenovo ThinkPad T14s Gen 2i
Lenovo ThinkPad T15
Lenovo ThinkPad T15 Gen 2
Lenovo Thinkpad T15g Gen 1 Firmware
Lenovo ThinkPad T15p Gen 1
Lenovo ThinkPad T470 (20JX) Firmware
Lenovo ThinkPad T470p firmware
Lenovo ThinkPad T470
Lenovo ThinkPad T480
Lenovo ThinkPad T480s Firmware
Lenovo ThinkPad T490 (20QX)
Lenovo ThinkPad T490s Firmware
Lenovo ThinkPad T495 Drift Firmware
Lenovo ThinkPad T570 (20HX) Firmware
Lenovo ThinkPad T580
Lenovo ThinkPad T590
Lenovo ThinkPad X1 Carbon 5
Lenovo ThinkPad X1 Carbon Gen 6 Firmware
Lenovo ThinkPad X1 Carbon 7th Gen
Lenovo ThinkPad X1 Carbon 8th Gen
Lenovo ThinkPad X1 Carbon Gen 9
Lenovo ThinkPad X1 Extreme (2nd Gen)
Lenovo ThinkPad X1 Extreme (2nd Gen)
Lenovo ThinkPad X1 Extreme
Lenovo Thinkpad X1 Nano Gen 1
Lenovo ThinkPad X1 Tablet Gen 2
Lenovo ThinkPad X1 Tablet Gen 3 Firmware
Lenovo Thinkpad X1 Titanium Firmware
Lenovo ThinkPad X1 Yoga Gen 2 Firmware
Lenovo ThinkPad X1 Yoga
Lenovo ThinkPad X1 Yoga 4th Gen
Lenovo ThinkPad X1 Yoga
Lenovo ThinkPad X1 Yoga Gen 6
Lenovo ThinkPad X12
Lenovo ThinkPad X13
Lenovo Thinkpad X13 Gen 2
Lenovo ThinkPad X13 Yoga Gen 1
Lenovo ThinkPad X13 Yoga Gen 2 Firmware
Lenovo ThinkPad X270
Lenovo ThinkPad X280 Firmware
Lenovo ThinkPad X380 Yoga
Lenovo ThinkPad X390 Yoga
Lenovo ThinkPad X390 Yoga Firmware
Lenovo ThinkPad x395 firmware
Lenovo ThinkPad Yoga 11e 5th Gen
Lenovo ThinkPad Yoga 370 Firmware

Remedy

Update to Lenovo Power Management Driver for Windows 10 version 1.67.17.54 or higher.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-3462?

    CVE-2021-3462 has a high severity rating as it allows for privilege escalation in the Lenovo Power Management Driver.

  • How do I fix CVE-2021-3462?

    To fix CVE-2021-3462, upgrade the Lenovo Power Management Driver to version 1.67.17.54 or later.

  • Which devices are affected by CVE-2021-3462?

    CVE-2021-3462 affects Lenovo Power Management Driver versions prior to 1.67.17.54 on Windows 10.

  • What does CVE-2021-3462 allow unauthorized users to do?

    CVE-2021-3462 allows unauthorized users to gain access to the driver's device object, potentially leading to privilege escalation.

  • Is it safe to use affected Lenovo devices with CVE-2021-3462?

    It is not safe to use affected Lenovo devices until the Power Management Driver has been updated to the secure version.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203