What is CVE-2021-3786?

CVE-2021-3786 is a medium-severity vulnerability in Lenovo Ideapad_s940-14iwl, classified under Improper Input Validation. CVSS score: 4.4/10. Published 2021-11-12.

How severe is CVE-2021-3786?

Medium severity. CVSS v3 base score is 4.4 out of 10.

Improper input validation in Lenovo Ideapad_s940-14iwl

CVE-2021-3786

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.002 (13.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H.

Affected products

Lenovo Ideapad_s940-14iwl
Lenovo Ideapad_s940-14iwl_firmware
Lenovo Ideapad_yoga_s940-14iwl
Lenovo Ideapad_yoga_s940-14iwl_firmware
Lenovo Notebook And Thinkpad Bios — versions various
Lenovo Thinkpad_10
Lenovo Thinkpad_10_firmware
Lenovo Thinkpad_11e_3rd_gen
Lenovo Thinkpad_11e_3rd_gen_firmware
Lenovo Thinkpad_11e_4th_gen

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

psirt@lenovo.com (Patch, x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2021-3786?: CVE-2021-3786 is a medium-severity vulnerability in Lenovo Ideapad_s940-14iwl, classified under Improper Input Validation. CVSS score: 4.4/10. Published 2021-11-12.
How severe is CVE-2021-3786?: Medium severity. CVSS v3 base score is 4.4 out of 10.