CVE-2021-3786

Medium

5.5/10

Summary

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

References

Advisory Timeline

Published Nov 12, 2021

CVE-2021-3786

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS