CWE-232

CVE-2021-3718

First published: Fri Nov 12 2021

A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.

Credit: psirt@lenovo.com

| Affected Software | Affected Version |
| --- | --- |
| Lenovo Thinkpad 11e 3rd Gen Firmware | <=1.22 |
| Lenovo Thinkpad 11e 3rd Gen | |
| Microsoft Windows 10 | |
| Microsoft Windows 7 | |
| Microsoft Windows 8.1 | |
| Lenovo Thinkpad 11e 3rd Gen Firmware | <=1.29 |
| Lenovo Thinkpad 11e 4th Gen I3 Firmware | <=1.22 |
| Lenovo Thinkpad 11e 4th Gen I3 | |
| Lenovo Thinkpad 11e 4th Gen I7 Firmware | <=1.22 |
| Lenovo Thinkpad 11e 4th Gen I7 | |
| Lenovo Thinkpad 11e 4th Gen I5 Firmware | <=1.22 |
| Lenovo Thinkpad 11e 4th Gen I5 | |
| Lenovo Thinkpad 11e 4th Gen Celeron Firmware | <=1.27 |
| Lenovo Thinkpad 11e 4th Gen Celeron | |
| Microsoft Windows 10 | |
| Lenovo Thinkpad 11e Yoga Gen 6 Firmware | <=1.12 |
| Lenovo Thinkpad 11e Yoga Gen 6 | |
| Lenovo Thinkpad 13 Gen 2 Firmware | <=1.29 |
| Lenovo Thinkpad 13 Gen 2 | |
| Lenovo Thinkpad E490 Firmware | <=1.30 |
| Lenovo Thinkpad E490 | |
| Lenovo Thinkpad E490s Firmware | <=1.30 |
| Lenovo Thinkpad E490s | |
| Lenovo Thinkpad E590 Firmware | <=1.30 |
| Lenovo Thinkpad E590 | |
| Lenovo Thinkpad L13 Firmware | <=1.31 |
| Lenovo Thinkpad L13 | |
| Lenovo Thinkpad L13 Gen 2 Firmware | <=1.11 |
| Lenovo Thinkpad L13 Gen 2 | |
| Lenovo Thinkpad L13 Gen 2 Firmware | <=1.08 |
| Lenovo Thinkpad L13 Yoga Firmware | <=1.31 |
| Lenovo Thinkpad L13 Yoga | |
| Lenovo Thinkpad L13 Yoga Gen 2 Firmware | <=1.11 |
| Lenovo Thinkpad L13 Yoga Gen 2 | |
| Lenovo Thinkpad L13 Yoga Gen 2 Firmware | <=1.08 |
| Lenovo Thinkpad L14 Gen 1 Firmware | <1.15 |
| Lenovo Thinkpad L14 Gen 1 | |
| Linux Linux kernel | |
| Lenovo Thinkpad L14 Firmware | <1.20.1.17 |
| Lenovo Thinkpad L14 | |
| Lenovo Thinkpad L15 Gen 1 Firmware | <1.15 |
| Lenovo Thinkpad L15 Gen 1 | |
| Lenovo Thinkpad L15 Firmware | <1.20.1.17 |
| Lenovo Thinkpad L15 | |
| Lenovo Thinkpad L380 Firmware | <=1.26 |
| Lenovo Thinkpad L380 | |
| Lenovo Thinkpad L380 Yoga Firmware | <=1.26 |
| Lenovo Thinkpad L380 Yoga | |
| Lenovo Thinkpad L390 Yoga Firmware | <=1.35 |
| Lenovo Thinkpad L390 Yoga | |
| Lenovo Thinkpad L390 Firmware | <=1.35 |
| Lenovo Thinkpad L390 | |
| Lenovo Thinkpad L490 Firmware | <1.26 |
| Lenovo Thinkpad L490 | |
| Lenovo Thinkpad L590 Firmware | <1.26 |
| Lenovo Thinkpad L590 | |
| Lenovo Thinkpad P43s Firmware | <n2iet96w |
| Lenovo Thinkpad P43s | |
| Lenovo Thinkpad P52 Firmware | <n2cet60w |
| Lenovo Thinkpad P52 | |
| Lenovo Thinkpad P53s Firmware | <n2iet96w |
| Lenovo Thinkpad P53s | |
| Lenovo Thinkpad P72 Firmware | <n2cet60w |
| Lenovo Thinkpad P72 | |
| Lenovo Thinkpad S5 2nd Gen Firmware | <=1.28 |
| Lenovo Thinkpad S5 2nd Gen | |
| Lenovo Thinkpad T460 Firmware | <=1.43.1.11 |
| Lenovo ThinkPad T460 | |
| Microsoft Windows 7 | |
| Lenovo Thinkpad T490 Firmware | <n2iet96w |
| Lenovo Thinkpad T490 | |
| Lenovo Thinkpad T590 Firmware | <n2iet96w |
| Lenovo Thinkpad T590 | |
| Lenovo Thinkpad S2 Gen 6 Firmware | <=2021-09-30 |
| Lenovo Thinkpad S2 Gen 6 | |
| Lenovo Thinkpad S2 Yoga Gen 6 Firmware | <=2021-09-30 |
| Lenovo Thinkpad S2 Yoga Gen 6 | |
| Lenovo Thinkpad X12 Detachable Gen 1 Firmware | <1.16 |
| Lenovo Thinkpad X12 Detachable Gen 1 | |
| Lenovo Thinkpad X260 Firmware | <=1.47/1.15 |
| Lenovo Thinkpad X260 | |
| Microsoft Windows 7 | |
| Lenovo Thinkpad X380 Yoga Firmware | <=1.34 |
| Lenovo Thinkpad X380 Yoga | |
| Lenovo Thinkpad X390 Yoga Firmware | <n2let87w |
| Lenovo Thinkpad X390 Yoga | |
| Lenovo Thinkpad 11e 5th Gen Firmware | <=1.13 |
| Lenovo Thinkpad 11e 5th Gen | |
| Lenovo Thinkpad Yoga 370 | |

Remedy

Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-72619.


Frequently Asked Questions

  • What is CVE-2021-3718 about?

    CVE-2021-3718 is a denial of service vulnerability in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.

  • Which ThinkPad models are affected by CVE-2021-3718?

    Affected models include Lenovo Thinkpad 11e 3rd Gen, Lenovo Thinkpad 11e 4th Gen, Lenovo Thinkpad 11e Yoga Gen 6, and the other models at the specific firmware versions mentioned in the vulnerability report.

  • What is the severity level of CVE-2021-3718?

    The severity level of CVE-2021-3718 is rated as medium with a CVSS score of 4.6.

  • How can I mitigate the CVE-2021-3718 vulnerability?

    To mitigate the CVE-2021-3718 vulnerability, it is recommended to visit the reference link provided for updates and patches from Lenovo.
