CVE-2021-3599

Home/CVE/A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an

CVE

A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an

A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

MEDIUM · CVSS 6.7 EPSS 0.00037

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-20Improper Input Validation

▤

Affected Products & Versions

lenovo thinkpad x380 yoga firmware< 2020-10-31
lenovo thinkpad x1 fold gen 1 firmware< 2021-10-29
lenovo thinkpad yoga 260 firmware< 2021-10-25
lenovo thinkpad yoga 11e 3rd gen firmware< 2021-10-31
lenovo thinkpad yoga 15 firmware< n19et66w
lenovo thinkpad yoga 370 firmware< 2021-10-31
lenovo thinkpad x12 detachable gen 1 firmware< 2021-10-31
lenovo thinkpad x390 firmware< n2jet96w
Show all 60 affected productslenovo thinkpad yoga 11e 4th gen firmware< 2021-10-31
lenovo thinkpad yoga 11e 5th gen firmware< 2021-10-31
lenovo thinkpad x250 firmware< 2021-10-31
lenovo thinkpad x260 firmware< 2021-10-31
lenovo thinkpad x390 yoga firmware< n2let87w
lenovo thinkpad x280 firmware< n20et58w
lenovo thinkpad x1 titanium firmware< n2met51w
lenovo thinkpad x270 firmware< 2021-10-29
lenovo thinkpad x1 carbon 5th gen kabylake firmware< n1met66w
lenovo thinkpad x13 gen 1 firmware< n2yet31w
lenovo thinkpad x13 gen 2 firmware< n35et41w
lenovo thinkpad x13 yoga gen 1 firmware< n2uet56w
lenovo thinkpad x13 yoga gen 2 firmware< n39et47w
lenovo thinkpad x1 carbon 5th gen skylake firmware< n1met66w
lenovo thinkpad x1 yoga 1st gen firmware< n1fet76w
lenovo thinkpad x1 yoga 3rd gen firmware< n25et57w
lenovo thinkpad x1 yoga 4th gen firmware< n2het64w
lenovo thinkpad x1 yoga gen 5 firmware< n2wet30w
lenovo thinkpad x1 carbon 4th gen firmware< n1fet76w
lenovo thinkpad 10 firmware< 2021-10-25
lenovo thinkpad x1 nano gen 1 firmware< n2tet67w
lenovo thinkpad x1 extreme firmware< n2eet54w
lenovo thinkpad x1 extreme 2nd firmware< n2oet53w
lenovo thinkpad x1 extreme gen 3 firmware< n2vet33w
lenovo thinkpad t460s firmware< n1cet84w
lenovo thinkpad s2 gen 6 firmware< 2021-10-31
lenovo thinkpad x1 carbon gen 6 firmware< n23et78w
lenovo thinkpad x1 carbon gen 7 firmware< n2het64w
lenovo thinkpad x1 carbon gen 8 firmware< n2het64w
lenovo thinkpad t560 firmware< n1ket52w
lenovo thinkpad t460p firmware< 2021-10-29
lenovo thinkpad w550s firmware< n11et54w
lenovo thinkpad t590 firmware< n2iet96w
lenovo thinkpad t570 firmware< n1vet57w
lenovo thinkpad s2 yoga gen 6 firmware< 2021-10-31
lenovo thinkpad t480 firmware< n24et65w
lenovo thinkpad x1 tablet firmware< n1let92w
lenovo thinkpad t550 firmware< n11et54w
lenovo thinkpad x1 carbon 3rd gen firmware< n14et56w
lenovo thinkpad x1 tablet gen 2 firmware< n1oet56w
lenovo thinkpad x1 tablet gen 3 firmware< 2021-10-29
lenovo thinkpad t580 firmware< n27et43w
lenovo thinkpad t480s firmware< n22et70w
lenovo thinkpad t15 firmware< n2xet32w
lenovo thinkpad t460 firmware< 2021-10-31
lenovo thinkpad t470 firmware< n1qet92w
lenovo thinkpad t490 firmware< n2iet96w
lenovo thinkpad t490s firmware< n2iet96w
lenovo thinkpad t14s gen 2 firmware< n35et41w
lenovo thinkpad t14s firmware< 2021-10-15
lenovo thinkpad t470p firmware< r0fet55w
lenovo thinkpad t470s firmware< 2021-10-29

▣

Scoring & Timeline

6.7

MEDIUM · CVSS v3.1 · psirt@lenovo.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD12 Nov 2021 · 10:15 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://support.lenovo.com/us/en/product_security/LEN-67440PatchVendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin