high
7.8
CWE
276
Advisory Published
Updated

CVE-2021-3462

First published: Tue Apr 13 2021(Updated: )

A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
Lenovo Power Management Driver<1.67.17.54
Lenovo ThinkPad 11e (5th Gen)
Lenovo ThinkPad 11e Yoga Gen 6 Firmware
Lenovo ThinkPad 13 Gen 2 Firmware
lenovo thinkpad 25
lenovo ThinkPad a275
Lenovo ThinkPad A285
lenovo ThinkPad a475
lenovo ThinkPad a485
Lenovo Thinkpad E14
Lenovo ThinkPad E14 Gen 2
Lenovo ThinkPad E15
Lenovo ThinkPad E15 Gen 2
Lenovo ThinkPad e470
Lenovo ThinkPad E470c
lenovo ThinkPad e475
lenovo thinkpad e480
Lenovo thinkpad e490
Lenovo ThinkPad E495
Lenovo ThinkPad e570
Lenovo Thinkpad E570c
lenovo ThinkPad e575
lenovo thinkpad e580
Lenovo thinkpad e590
Lenovo ThinkPad E595
Lenovo ThinkPad L13
Lenovo ThinkPad L13 Gen 1
Lenovo ThinkPad L13 Gen 2 Firmware
Lenovo ThinkPad L13 Yoga Gen 1
Lenovo ThinkPad L13 Yoga Gen 1
Lenovo ThinkPad L13 Yoga Gen 2 Firmware
Lenovo ThinkPad L14 Gen 1 Firmware
Lenovo ThinkPad L14
Lenovo ThinkPad L15 Gen 1 Firmware
Lenovo ThinkPad L15 Gen 2
lenovo thinkpad l380
lenovo thinkpad l380 yoga
Lenovo Thinkpad L390 Firmware
Lenovo thinkpad l390 yoga
Lenovo ThinkPad L470
lenovo thinkpad l480
Lenovo thinkpad l490
Lenovo ThinkPad l570
lenovo thinkpad l580
Lenovo thinkpad l590
Lenovo ThinkPad P1
Lenovo Thinkpad P1 Gen 2
Lenovo ThinkPad P1
Lenovo ThinkPad P14s Gen 1
Lenovo ThinkPad P14s Gen 2
Lenovo ThinkPad P15 Gen 1
Lenovo Thinkpad P15s Gen 1
Lenovo ThinkPad P15s Gen 2
Lenovo Thinkpad P15v Gen 1
Lenovo ThinkPad P17 Gen 1 Firmware
Lenovo Thinkpad P43s Firmware
Lenovo ThinkPad P51
Lenovo ThinkPad P51s Firmware
Lenovo ThinkPad P52
Lenovo ThinkPad P52s Firmware
Lenovo ThinkPad P53s
Lenovo ThinkPad P53s Firmware
lenovo thinkpad p71
Lenovo ThinkPad P72
Lenovo ThinkPad P73
Lenovo ThinkPad R14
Lenovo ThinkPad R14
Lenovo ThinkPad R480
Lenovo ThinkPad S1 Gen 4
Lenovo ThinkPad S2 Gen 2
Lenovo ThinkPad S2 Gen 5
Lenovo ThinkPad S2 Yoga Gen 6 Firmware
Lenovo ThinkPad S2 Yoga Gen 5
Lenovo ThinkPad S2 Yoga Gen 6 Firmware
Lenovo ThinkPad S3 Gen 2
Lenovo ThinkPad S5 Gen 2
Lenovo Thinkpad T14 Gen 1
Lenovo Thinkpad T14 Gen 2
Lenovo Thinkpad T14s Gen 1
Lenovo ThinkPad T14s Gen 2i
Lenovo ThinkPad T15 Gen 1
Lenovo ThinkPad T15 Gen 2
Lenovo Thinkpad T15g Gen 1 Firmware
Lenovo Thinkpad T15p Gen 1
lenovo thinkpad t470
lenovo thinkpad t470p
Lenovo ThinkPad T470s
lenovo thinkpad t480
lenovo thinkpad t480s
Lenovo ThinkPad T490 (20QX)
Lenovo ThinkPad T490s Firmware
Lenovo ThinkPad T495 Drift Firmware
lenovo thinkpad t570
lenovo thinkpad t580
Lenovo ThinkPad T590
Lenovo ThinkPad X1 Carbon 5
Lenovo ThinkPad x1 carbon gen 6
Lenovo ThinkPad x1 carbon gen 7
Lenovo ThinkPad x1 carbon gen 8
Lenovo Thinkpad X1 Carbon Gen 9
Lenovo ThinkPad X1 Extreme Firmware
lenovo thinkpad x1 extreme 2nd
Lenovo ThinkPad x1 extreme gen 3
Lenovo Thinkpad X1 Nano Gen 1
Lenovo ThinkPad x1 tablet gen 2
Lenovo ThinkPad x1 tablet gen 3
Lenovo ThinkPad X1 Titanium Gen 1
Lenovo ThinkPad X1 Yoga Gen 2 Firmware
Lenovo ThinkPad X1 Yoga
Lenovo ThinkPad X1 Yoga 4th Gen
Lenovo ThinkPad x1 yoga gen 5
Lenovo ThinkPad X1 Yoga
Lenovo ThinkPad X12
Lenovo ThinkPad x13 gen 1
Lenovo ThinkPad X13 Gen 2i
Lenovo ThinkPad X13 Yoga Gen 1
Lenovo ThinkPad X13 Yoga Gen 2 Firmware
Lenovo ThinkPad x270
lenovo thinkpad x280
lenovo thinkpad x380 yoga
Lenovo ThinkPad x390
Lenovo thinkpad x390 yoga
lenovo ThinkPad x395
Lenovo ThinkPad Yoga 11e Gen 5
lenovo thinkpad yoga 370

Remedy

Update to Lenovo Power Management Driver for Windows 10 version 1.67.17.54 or higher.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-3462?

    CVE-2021-3462 has a high severity rating as it allows for privilege escalation in the Lenovo Power Management Driver.

  • How do I fix CVE-2021-3462?

    To fix CVE-2021-3462, upgrade the Lenovo Power Management Driver to version 1.67.17.54 or later.

  • Which devices are affected by CVE-2021-3462?

    CVE-2021-3462 affects Lenovo Power Management Driver versions prior to 1.67.17.54 on Windows 10.

  • What does CVE-2021-3462 allow unauthorized users to do?

    CVE-2021-3462 allows unauthorized users to gain access to the driver's device object, potentially leading to privilege escalation.

  • Is it safe to use affected Lenovo devices with CVE-2021-3462?

    It is not safe to use affected Lenovo devices until the Power Management Driver has been updated to the secure version.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203