high
7.2
CWE
20
Advisory Published
Updated

CVE-2021-3719: Input Validation

First published: Fri Nov 12 2021(Updated: )

A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
Lenovo Thinkcentre E93 Firmware<fbktdfa
Lenovo ThinkCentre E93
Lenovo Thinkcentre M600 Firmware<m00kt65a
Lenovo Thinkcentre M600
Lenovo Thinkcentre M700 Tiny Firmware<fwktb9a
Lenovo Thinkcentre M700 Tiny
Lenovo Thinkcentre M73 Firmware<fhkt86a
Lenovo Thinkcentre M73
Lenovo Thinkcentre M73p Firmware<fbktdfa
Lenovo Thinkcentre M73p
Lenovo Thinkcentre M800 Firmware<fwktb9a
Lenovo Thinkcentre M800
Lenovo Thinkcentre M818z Firmware<m1ekt23a
Lenovo Thinkcentre M818z
Lenovo Thinkcentre M83 Firmware<fbktdfa
Lenovo Thinkcentre M83
Lenovo Thinkcentre M900 Firmware<fwktb9a
Lenovo Thinkcentre M900
Lenovo Thinkcentre M900x Firmware<fwktb9a
Lenovo Thinkcentre M900x
Lenovo Thinkcentre M93 Firmware<fbktdfa
Lenovo Thinkcentre M93
Lenovo Thinkcentre M93p Firmware<fbktdfa
Lenovo Thinkcentre M93p
Lenovo Thinkcentre M4500q Firmware<fhkt86a
Lenovo Thinkcentre M4500q
Lenovo Thinkcentre M6500t\/s Firmware<fbktdfa
Lenovo Thinkcentre M6500t\/s
Lenovo Thinkcentre M8500t\/s Firmware<fbktdfa
Lenovo Thinkcentre M8500t\/s
Lenovo Thinkcentre X1 Firmware<m0hkt50a
Lenovo Thinkcentre X1
Lenovo Thinkstation P300 Firmware<fbktdfa
Lenovo Thinkstation P300
Lenovo Thinkstation P500 Firmware<a4ktaba
Lenovo Thinkstation P500
Lenovo Thinkstation P700 Firmware<a5ktaba
Lenovo Thinkstation P700
Lenovo Thinkstation P900 Firmware<a6ktaba
Lenovo Thinkstation P900

Remedy

Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-67440.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2021-3719?

    CVE-2021-3719 is a potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models.

  • How does CVE-2021-3719 affect Lenovo ThinkCentre E93 firmware?

    CVE-2021-3719 affects Lenovo ThinkCentre E93 firmware version up to but not including fbktdfa.

  • How does CVE-2021-3719 affect Lenovo ThinkCentre M600 firmware?

    CVE-2021-3719 affects Lenovo ThinkCentre M600 firmware version up to but not including m00kt65a.

  • What is the severity of CVE-2021-3719?

    CVE-2021-3719 has a severity rating of 6.7 (high).

  • How can I fix CVE-2021-3719?

    To fix CVE-2021-3719, Lenovo has provided a firmware update for the affected ThinkCentre and ThinkStation models. Please refer to the Lenovo Product Security Advisories page for more information and download the appropriate update.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203