CVE-2021-3719

Name: CVE-2021-3719
Creator: NVD / NIST
Published: 2021-11-12T22:15:07.957+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.7/10EPSS 0.24%

Last modified Jun 17, 2026

CVE-2021-3719 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.. EPSS estimates a 0.24% chance of exploitation in the next 30 days.

Description

A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Metrics

CVSS 3.1

6.7/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.24%

15.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Lenovo	Thinkcentre E93 Firmware	< fbktdfa
Lenovo	Thinkcentre M600 Firmware	< m00kt65a
Lenovo	Thinkcentre M700 Tiny Firmware	< fwktb9a
Lenovo	Thinkcentre M73 Firmware	< fhkt86a
Lenovo	Thinkcentre M73p Firmware	< fbktdfa
Lenovo	Thinkcentre M800 Firmware	< fwktb9a
Lenovo	Thinkcentre M818z Firmware	< m1ekt23a
Lenovo	Thinkcentre M83 Firmware	< fbktdfa
Lenovo	Thinkcentre M900 Firmware	< fwktb9a
Lenovo	Thinkcentre M900x Firmware	< fwktb9a
Lenovo	Thinkcentre M93 Firmware	< fbktdfa
Lenovo	Thinkcentre M93p Firmware	< fbktdfa
Lenovo	Thinkcentre M4500q Firmware	< fhkt86a
Lenovo	Thinkcentre M6500t\/S Firmware	< fbktdfa
Lenovo	Thinkcentre M8500t\/S Firmware	< fbktdfa
Lenovo	Thinkcentre X1 Firmware	< m0hkt50a
Lenovo	Thinkstation P300 Firmware	< fbktdfa
Lenovo	Thinkstation P500 Firmware	< a4ktaba
Lenovo	Thinkstation P700 Firmware	< a5ktaba
Lenovo	Thinkstation P900 Firmware	< a6ktaba

References

https://support.lenovo.com/us/en/product_security/LEN-67440Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-67440Vendor Advisory

Timeline

Published: Nov 12, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-3719?

How severe is CVE-2021-3719?

CVE-2021-3719 has a CVSS score of 6.7/10 (MEDIUM severity). The EPSS model estimates a 0.24% probability of exploitation in the next 30 days.

How do I fix CVE-2021-3719?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-3719?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST