First published: Fri Nov 12 2021(Updated: )
A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
Lenovo Thinkpad 11e 3rd Gen Firmware | <=1.22 | |
Lenovo Thinkpad 11e 3rd Gen | ||
Microsoft Windows 10 | ||
Microsoft Windows 7 | ||
Microsoft Windows 8.1 | ||
Lenovo Thinkpad 11e 3rd Gen Firmware | <=1.29 | |
Lenovo Thinkpad 11e 4th Gen I3 Firmware | <=1.22 | |
Lenovo Thinkpad 11e 4th Gen I3 | ||
Lenovo Thinkpad 11e 4th Gen I7 Firmware | <=1.22 | |
Lenovo Thinkpad 11e 4th Gen I7 | ||
Lenovo Thinkpad 11e 4th Gen I5 Firmware | <=1.22 | |
Lenovo Thinkpad 11e 4th Gen I5 | ||
Lenovo Thinkpad 11e 4th Gen Celeron Firmware | <=1.27 | |
Lenovo Thinkpad 11e 4th Gen Celeron | ||
Microsoft Windows 10 | ||
Lenovo Thinkpad 11e Yoga Gen 6 Firmware | <=1.12 | |
Lenovo Thinkpad 11e Yoga Gen 6 | ||
Lenovo Thinkpad 13 Gen 2 Firmware | <=1.29 | |
Lenovo Thinkpad 13 Gen 2 | ||
Lenovo Thinkpad E490 Firmware | <=1.30 | |
Lenovo Thinkpad E490 | ||
Lenovo Thinkpad E490s Firmware | <=1.30 | |
Lenovo Thinkpad E490s | ||
Lenovo Thinkpad E590 Firmware | <=1.30 | |
Lenovo Thinkpad E590 | ||
Lenovo Thinkpad L13 Firmware | <=1.31 | |
Lenovo Thinkpad L13 | ||
Lenovo Thinkpad L13 Gen 2 Firmware | <=1.11 | |
Lenovo Thinkpad L13 Gen 2 | ||
Lenovo Thinkpad L13 Gen 2 Firmware | <=1.08 | |
Lenovo Thinkpad L13 Yoga Firmware | <=1.31 | |
Lenovo Thinkpad L13 Yoga | ||
Lenovo Thinkpad L13 Yoga Gen 2 Firmware | <=1.11 | |
Lenovo Thinkpad L13 Yoga Gen 2 | ||
Lenovo Thinkpad L13 Yoga Gen 2 Firmware | <=1.08 | |
Lenovo Thinkpad L14 Gen 1 Firmware | <1.15 | |
Lenovo Thinkpad L14 Gen 1 | ||
Linux Linux kernel | ||
Lenovo Thinkpad L14 Firmware | <1.20.1.17 | |
Lenovo Thinkpad L14 | ||
Lenovo Thinkpad L15 Gen 1 Firmware | <1.15 | |
Lenovo Thinkpad L15 Gen 1 | ||
Lenovo Thinkpad L15 Firmware | <1.20.1.17 | |
Lenovo Thinkpad L15 | ||
Lenovo Thinkpad L380 Firmware | <=1.26 | |
Lenovo Thinkpad L380 | ||
Lenovo Thinkpad L380 Yoga Firmware | <=1.26 | |
Lenovo Thinkpad L380 Yoga | ||
Lenovo Thinkpad L390 Yoga Firmware | <=1.35 | |
Lenovo Thinkpad L390 Yoga | ||
Lenovo Thinkpad L390 Firmware | <=1.35 | |
Lenovo Thinkpad L390 | ||
Lenovo Thinkpad L490 Firmware | <1.26 | |
Lenovo Thinkpad L490 | ||
Lenovo Thinkpad L590 Firmware | <1.26 | |
Lenovo Thinkpad L590 | ||
Lenovo Thinkpad P43s Firmware | <n2iet96w | |
Lenovo Thinkpad P43s | ||
Lenovo Thinkpad P52 Firmware | <n2cet60w | |
Lenovo Thinkpad P52 | ||
Lenovo Thinkpad P53s Firmware | <n2iet96w | |
Lenovo Thinkpad P53s | ||
Lenovo Thinkpad P72 Firmware | <n2cet60w | |
Lenovo Thinkpad P72 | ||
Lenovo Thinkpad S5 2nd Gen Firmware | <=1.28 | |
Lenovo Thinkpad S5 2nd Gen | ||
Lenovo Thinkpad T460 Firmware | <=1.43.1.11 | |
Lenovo ThinkPad T460 | ||
Microsoft Windows 7 | ||
Lenovo Thinkpad T490 Firmware | <n2iet96w | |
Lenovo Thinkpad T490 | ||
Lenovo Thinkpad T590 Firmware | <n2iet96w | |
Lenovo Thinkpad T590 | ||
Lenovo Thinkpad S2 Gen 6 Firmware | <=2021-09-30 | |
Lenovo Thinkpad S2 Gen 6 | ||
Lenovo Thinkpad S2 Yoga Gen 6 Firmware | <=2021-09-30 | |
Lenovo Thinkpad S2 Yoga Gen 6 | ||
Lenovo Thinkpad X12 Detachable Gen 1 Firmware | <1.16 | |
Lenovo Thinkpad X12 Detachable Gen 1 | ||
Lenovo Thinkpad X260 Firmware | <=1.47\/1.15 | |
Lenovo Thinkpad X260 | ||
Microsoft Windows 7 | ||
Lenovo Thinkpad X380 Yoga Firmware | <=1.34 | |
Lenovo Thinkpad X380 Yoga | ||
Lenovo Thinkpad X390 Yoga Firmware | <n2let87w | |
Lenovo Thinkpad X390 Yoga | ||
Lenovo Thinkpad 11e 5th Gen Firmware | <=1.13 | |
Lenovo Thinkpad 11e 5th Gen | ||
Lenovo Thinkpad Yoga 370 |
Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-72619.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-3718 is a denial of service vulnerability in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.
Lenovo Thinkpad 11e 3rd Gen, Lenovo Thinkpad 11e 4th Gen, Lenovo Thinkpad 11e Yoga Gen 6, and other specific firmware versions mentioned in the vulnerability report.
The severity level of CVE-2021-3718 is rated as medium with a CVSS score of 4.6.
To mitigate the CVE-2021-3718 vulnerability, it is recommended to visit the reference link provided for updates and patches from Lenovo.