ThinkPad SMI Callback Function Vulnerability: Local Privilege Escalation and Arbitrary Code Execution

CVE-2021-3599 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Learn more about our Web Application Penetration Testing UK.