high
7.2
CWE
20
Advisory Published
Updated

CVE-2021-3599: Input Validation

First published: Fri Nov 12 2021(Updated: )

A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
Lenovo ThinkPad x380 Yoga Firmware<2020-10-31
Lenovo ThinkPad X380 Yoga
Lenovo ThinkPad X1 Fold Gen 1 Firmware<2021-10-29
Lenovo ThinkPad X1 Fold Gen 1 Firmware
Lenovo ThinkPad Yoga 260 S1 Firmware<2021-10-25
Lenovo ThinkPad Yoga 260 Firmware
Lenovo ThinkPad Yoga 11e 3rd Gen Firmware<2021-10-31
Lenovo ThinkPad Yoga 11e 3rd Gen Firmware
Lenovo ThinkPad Yoga 15 Firmware<n19et66w
Lenovo ThinkPad Yoga 15 Firmware
Lenovo ThinkPad Yoga 370 Firmware<2021-10-31
Lenovo ThinkPad Yoga 370 Firmware
Lenovo ThinkPad X12 Detachable Gen 1 Firmware<2021-10-31
Lenovo ThinkPad X12 Detachable Gen 1 Firmware
Lenovo ThinkPad X390 Firmware<n2jet96w
Lenovo ThinkPad X390 Yoga
Lenovo Yoga 11e 4th Gen Firmware<2021-10-31
Lenovo Yoga 11e 4th Gen Firmware
Lenovo ThinkPad Yoga 11e 5th Gen<2021-10-31
Lenovo ThinkPad Yoga 11e 5th Gen Firmware
Lenovo ThinkPad x250 firmware<2021-10-31
Lenovo ThinkPad x250 firmware
Lenovo ThinkPad x260 firmware<2021-10-31
Lenovo ThinkPad x260 firmware
Lenovo ThinkPad X390 Yoga Firmware<n2let87w
Lenovo ThinkPad X390 Yoga Firmware
Lenovo ThinkPad X280 Firmware<n20et58w
Lenovo ThinkPad X280 Firmware
Lenovo Thinkpad X1 Titanium Firmware<n2met51w
Lenovo ThinkPad X1 Titanium Gen 1
Lenovo ThinkPad x270 firmware<2021-10-29
Lenovo ThinkPad X270
Lenovo ThinkPad X1 Carbon 5th Gen Firmware<n1met66w
Lenovo ThinkPad x1 carbon 5th gen kabylake firmware
Lenovo ThinkPad X13 Firmware<n2yet31w
Lenovo ThinkPad X13
Lenovo ThinkPad X13 Gen 2 Firmware<n35et41w
Lenovo ThinkPad X13 Gen 2i
Lenovo ThinkPad X13 Yoga Gen 1<n2uet56w
Lenovo ThinkPad X13 Yoga Gen 1
Lenovo ThinkPad X13 Yoga Gen 2 Firmware<n39et47w
Lenovo ThinkPad X13 Yoga Gen 2 Firmware
Lenovo ThinkPad X1 Carbon 5th Gen<n1met66w
Lenovo ThinkPad X1 Carbon 5th Gen
Lenovo ThinkPad X1 Yoga 1st Gen Firmware<n1fet76w
Lenovo ThinkPad X1 Yoga 1st Gen Firmware
Lenovo ThinkPad X1 Yoga Gen 3 Firmware<n25et57w
Lenovo ThinkPad X1 Yoga
Lenovo ThinkPad X1 Yoga 4th Gen<n2het64w
Lenovo ThinkPad X1 Yoga
Lenovo ThinkPad X1 Yoga Gen 5<n2wet30w
Lenovo ThinkPad X1 Yoga
Lenovo ThinkPad X1 Carbon 4th Gen Firmware<n1fet76w
Lenovo ThinkPad X1 Carbon (4th Gen)
Lenovo ThinkPad 10 firmware<2021-10-25
Lenovo ThinkPad 10 firmware
Lenovo Thinkpad X1 Nano Gen 1<n2tet67w
Lenovo Thinkpad X1 Nano Gen 1
Lenovo ThinkPad X1 Extreme 2nd Gen Firmware<n2eet54w
Lenovo ThinkPad X1 Extreme (2nd Gen)
Lenovo ThinkPad X1 Extreme 2nd Gen Firmware<n2oet53w
Lenovo ThinkPad X1 Extreme (2nd Gen)
Lenovo ThinkPad X1 Extreme Firmware<n2vet33w
Lenovo ThinkPad X1 Extreme
Lenovo ThinkPad T460s Firmware<n1cet84w
Lenovo ThinkPad T460s Firmware
Lenovo ThinkPad S2 Yoga Gen 6 Firmware<2021-10-31
Lenovo ThinkPad S2 Yoga Gen 6 Firmware
Lenovo ThinkPad X1 Carbon Firmware<n23et78w
Lenovo ThinkPad X1 Carbon Gen 6 Firmware
Lenovo ThinkPad X1 Carbon Gen 7 Firmware<n2het64w
Lenovo ThinkPad X1 Carbon 7th Gen
Lenovo ThinkPad X1 Carbon Gen 8<n2het64w
Lenovo ThinkPad X1 Carbon 8th Gen
Lenovo ThinkPad T560 Firmware<n1ket52w
Lenovo ThinkPad T560 Firmware
Lenovo ThinkPad T460p Firmware<2021-10-29
Lenovo ThinkPad T460p BIOS
Lenovo ThinkPad W550s firmware<n11et54w
Lenovo ThinkPad W550s firmware
Lenovo ThinkPad T590 Firmware<n2iet96w
Lenovo ThinkPad T590
Lenovo ThinkPad T570 Firmware<n1vet57w
Lenovo ThinkPad T570 (20HX) Firmware
Lenovo ThinkPad S2 Yoga Gen 6 Firmware<2021-10-31
Lenovo ThinkPad S2 Yoga Gen 6 Firmware
Lenovo ThinkPad T480 Firmware<n24et65w
Lenovo ThinkPad T480
Lenovo ThinkPad X1 Tablet Firmware<n1let92w
Lenovo ThinkPad X1 Tablet
Lenovo ThinkPad T550 Firmware<n11et54w
Lenovo ThinkPad T550
Lenovo ThinkPad X1 Carbon 3rd Gen<n14et56w
Lenovo ThinkPad X1 Carbon 3rd Gen
Lenovo ThinkPad X1 Tablet Gen 2 Firmware<n1oet56w
Lenovo ThinkPad X1 Tablet Gen 2
Lenovo ThinkPad X1 Tablet Gen 3<2021-10-29
Lenovo ThinkPad X1 Tablet Gen 3 Firmware
Lenovo ThinkPad T580 Firmware<n27et43w
Lenovo ThinkPad T580
Lenovo ThinkPad T480s Firmware<n22et70w
Lenovo ThinkPad T480s Firmware
Lenovo ThinkPad T15<n2xet32w
Lenovo ThinkPad T15
Lenovo ThinkPad T460 firmware<2021-10-31
Lenovo ThinkPad T460 firmware
Lenovo ThinkPad T470 Firmware<n1qet92w
Lenovo ThinkPad T470 (20JX) Firmware
Lenovo ThinkPad T490 Firmware<n2iet96w
Lenovo ThinkPad T490 (20QX)
Lenovo ThinkPad T490s Firmware<n2iet96w
Lenovo ThinkPad T490s Firmware
Lenovo Thinkpad T14s Gen 2 Firmware<n35et41w
Lenovo ThinkPad T14s Gen 2i
Lenovo ThinkPad T14s Firmware<2021-10-15
Lenovo Thinkpad T14s Gen 1
Lenovo ThinkPad T470p firmware<r0fet55w
Lenovo ThinkPad T470p firmware
Lenovo ThinkPad T470s Firmware<2021-10-29
Lenovo ThinkPad T470
Lenovo ThinkPad P71 Firmware<2021-10-29
Lenovo ThinkPad P71 Firmware
Lenovo ThinkPad T440p Firmware<2021-10-29
Lenovo ThinkPad T440p Firmware
Lenovo ThinkPad T15p Gen 2 Firmware<n34et42w
Lenovo ThinkPad T15 Gen 2
Lenovo ThinkPad T15p Gen 1<2021-10-29
Lenovo ThinkPad T15p Gen 1
Lenovo ThinkPad P70 Firmware<n1detb2w
Lenovo ThinkPad P70 BIOS
Lenovo Thinkpad T15g Gen 1<2021-10-29
Lenovo Thinkpad T15g Gen 1 Firmware
Lenovo Thinkpad T14 Gen 1<n2xet32w
Lenovo Thinkpad T14 Gen 1
Lenovo Thinkpad T14 Gen 2<n34et42w
Lenovo Thinkpad T14 Gen 2
Lenovo ThinkPad P73 Firmware<n2net47w
Lenovo ThinkPad P73
Lenovo ThinkPad S540 Firmware<2021-10-25
Lenovo ThinkPad S540 BIOS
Lenovo ThinkPad P72 Firmware<n2cet60w
Lenovo ThinkPad P72 Firmware
Lenovo ThinkPad Firmware<2021-10-31
Lenovo ThinkPad L380
Lenovo ThinkPad S5 2nd Generation Firmware<2021-10-31
Lenovo ThinkPad S5 2nd Gen Firmware
Lenovo Thinkpad P15v Gen 1 Firmware<2021-10-29
Lenovo Thinkpad P15v Gen 1
Lenovo ThinkPad P53 Firmware<n2net47w
Lenovo ThinkPad P53s
Lenovo ThinkPad P53s Firmware<n2iet96w
Lenovo ThinkPad P53s Firmware
Lenovo ThinkPad P43s Firmware<n2iet96w
Lenovo Thinkpad P43s Firmware
Lenovo ThinkPad P51 Firmware<n1uet82w
Lenovo ThinkPad P51
Lenovo ThinkPad P51s (20HX) Firmware<n1vet57w
Lenovo ThinkPad P51s Firmware
Lenovo ThinkPad P50s Firmware<n1eet92w
Lenovo ThinkPad P50 Firmware
Lenovo ThinkPad P52 Firmware<n2cet60w
Lenovo ThinkPad P52
Lenovo ThinkPad P52s Firmware<n27et43w
Lenovo ThinkPad P52s Firmware
Lenovo ThinkPad P50s Firmware<n1ket52w
Lenovo ThinkPad P50s BIOS
Lenovo ThinkPad L570 Firmware<n1xet74w
Lenovo ThinkPad L570 Firmware
Lenovo Thinkpad P17 Gen 1<2021-10-29
Lenovo ThinkPad P17 Gen 1 Firmware
Lenovo ThinkPad L580 Firmware<2021-10-15
Lenovo ThinkPad L580 Firmware
Lenovo ThinkPad P14s Gen 1<n2xet32w
Lenovo ThinkPad P14s Gen 1
Lenovo ThinkPad P14s Gen 2<n34et42w
Lenovo ThinkPad P14s Gen 2
Lenovo ThinkPad P15 Gen 1<2021-10-29
Lenovo ThinkPad P15 Gen 1
Lenovo Thinkpad P15s Gen 1<n2xet32w
Lenovo ThinkPad P15s Gen 1
Lenovo Thinkpad P15s Gen 2 Firmware<n34et42w
Lenovo ThinkPad P15s Gen 2
Lenovo ThinkPad L590 Firmware<2021-10-15
Lenovo ThinkPad L590 Firmware
Lenovo ThinkPad L380 Yoga Firmware<2021-10-31
Lenovo ThinkPad L380 Yoga Firmware
Lenovo ThinkPad L490 Firmware<2021-10-15
Lenovo ThinkPad L490 Firmware
Lenovo ThinkPad L560 Firmware<n1het92w
Lenovo ThinkPad L560 Firmware
Lenovo ThinkPad P1 Firmware<n2eet54w
Lenovo ThinkPad P1 Firmware
Lenovo ThinkPad P1 Firmware<n2oet53w
Lenovo Thinkpad P1 Gen 2
Lenovo ThinkPad P1 Gen 3<n2vet33w
Lenovo ThinkPad P1
Lenovo ThinkPad L480 Firmware<2021-10-15
Lenovo ThinkPad L480
Lenovo ThinkPad L470 Firmware<2021-10-15
Lenovo ThinkPad L470 Firmware
Lenovo ThinkPad L460 Firmware<2021-10-15
Lenovo ThinkPad L460 Firmware
Lenovo ThinkPad E490 Firmware<2021-10-15
Lenovo ThinkPad E490
Lenovo ThinkPad Helix firmware<n17etb6w
Lenovo ThinkPad Helix firmware
Lenovo ThinkPad L390 Yoga Firmware<2021-10-31
Lenovo Thinkpad L390 Firmware
Lenovo ThinkPad L390 Yoga Firmware<2021-10-31
Lenovo ThinkPad L390 Yoga Firmware
Lenovo ThinkPad E15 Gen 3<2021-10-15
Lenovo ThinkPad E15 Gen 3 Firmware
Lenovo Thinkpad L14 Firmware<2021-10-15
Lenovo ThinkPad L14
Lenovo ThinkPad L13 Gen 2<2021-10-31
Lenovo ThinkPad L13 Gen 2 Firmware
Lenovo ThinkPad L15<2021-10-15
Lenovo ThinkPad L15
Lenovo ThinkPad L15 Gen 2 Firmware<2021-10-15
Lenovo ThinkPad L15 Gen 2
Lenovo ThinkPad L13<2021-10-31
Lenovo ThinkPad L13
Lenovo ThinkPad E14 Gen 3<2021-10-15
Lenovo ThinkPad E14 Gen 3 Firmware
Lenovo ThinkPad E590 Firmware<2021-10-15
Lenovo ThinkPad E590
Lenovo ThinkPad E580 Firmware<2021-10-15
Lenovo Thinkpad E580
Lenovo ThinkPad L13 Yoga Gen 2<2021-10-31
Lenovo 13w Yoga Gen 2 Firmware
Lenovo ThinkPad E570p Firmware<2021-10-15
Lenovo ThinkPad E570 Firmware
Lenovo ThinkPad L13 Yoga Gen 4 Firmware<2021-10-31
Lenovo ThinkPad L13 Yoga Gen 1
lenovo ThinkPad yoga 11e 3rd gen firmware<2021-10-31
Lenovo ThinkPad Yoga 11e 3rd Gen
Lenovo ThinkPad E480<2021-10-15
Lenovo ThinkPad E480
Lenovo ThinkPad E14 Firmware<=2021-10-15
Lenovo Thinkpad E14
Lenovo ThinkPad E470 Firmware<2021-10-15
Lenovo ThinkPad E470 Firmware
Lenovo ThinkPad E15 Firmware<2021-10-15
Lenovo ThinkPad E15
Lenovo Thinkpad E15 Gen 2<2021-10-15
Lenovo ThinkPad E15 Gen 2
Lenovo ThinkPad T25 Firmware<n1qet92w
Lenovo ThinkPad 25 Firmware
Lenovo ThinkPad E14 Gen 2 Firmware<2021-10-15
Lenovo ThinkPad E14 Gen 2
Lenovo ThinkPad 13 2nd Gen Firmware<2021-10-31
Lenovo ThinkPad 13 2nd Gen Firmware
Lenovo ThinkPad 11e 4th Gen Celeron Firmware<2021-10-31
Lenovo ThinkPad 11e 4th Gen i7 firmware
Lenovo ThinkPad 11e Yoga Gen 6 Firmware<2021-10-31
Lenovo ThinkPad 11e Yoga Gen 6 Firmware
Lenovo Ideapad Yoga S940-14iwl Firmware<=12.0.81.1753
Lenovo Ideapad Yoga S940-14iwl
Lenovo Yoga S940-14IWL Firmware<=12.0.81.1753
Lenovo Yoga S940-14IWL
Lenovo v330 Firmware<=11.8.86.3877
Lenovo v330-15isk firmware
Lenovo V330 Firmware<=11.8.86.3877
Lenovo v330-15ast
Lenovo v130-15igm firmware<=6vcn42ww
Lenovo v130-15igm firmware
Lenovo ThinkPad X1 Yoga 4th Gen<n2qet42w
Lenovo ThinkPad X1 Carbon Gen 7 Firmware<n2qet42w
Lenovo ThinkPad X1 Carbon Gen 8<n2qet42w

Remedy

https://support.lenovo.com/us/en/product_security/LEN-67440

Remedy

Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-67440.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-3599?

    CVE-2021-3599 is rated as high severity due to its potential to allow an attacker to execute arbitrary code with elevated privileges.

  • How do I fix CVE-2021-3599?

    To fix CVE-2021-3599, update the firmware of the affected Lenovo ThinkPad models to the latest version provided by Lenovo.

  • Which Lenovo devices are affected by CVE-2021-3599?

    CVE-2021-3599 affects various Lenovo ThinkPad models, including but not limited to the X380 Yoga, X1 Fold Gen 1, and Yoga 260.

  • Can CVE-2021-3599 be exploited remotely?

    No, CVE-2021-3599 requires local access to be exploited as it involves an SMI callback function.

  • What are the potential impacts of exploiting CVE-2021-3599?

    Exploiting CVE-2021-3599 could enable an attacker to execute arbitrary code, potentially compromising the system's integrity and confidentiality.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203