A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.
Conclusion & alert: CVE-2021-3786 is rated Low Risk (22.3/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.23%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.04% | 0.23% | +0.18% |
| 2 | 2025-12-09 | 0.11% | 0.04% | -0.06% |
| 3 | 2025-11-21 | — | 0.11% | — |
Full EPSS history (12 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 4.4 | 3.1 | MEDIUM |
|
0.8 | 3.6 | [email protected] |
| 5.5 | 3.1 | MEDIUM |
|
1.8 | 3.6 | [email protected] |
| 2.1 | 2.0 | LOW |
|
3.9 | 2.9 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| lenovo | thinkpad_x380_yoga_firmware | < 2020-10-31 | cpe:2.3:o:lenovo:thinkpad_x380_yoga_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_fold_gen_1_firmware | < 2021-10-29 | cpe:2.3:o:lenovo:thinkpad_x1_fold_gen_1_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_yoga_260_firmware | < 2021-10-25 | cpe:2.3:o:lenovo:thinkpad_yoga_260_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_yoga_11e_3rd_gen_firmware | < 2021-10-31 | cpe:2.3:o:lenovo:thinkpad_yoga_11e_3rd_gen_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_yoga_15_firmware | < n19et66w | cpe:2.3:o:lenovo:thinkpad_yoga_15_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_yoga_370_firmware | < 2021-10-31 | cpe:2.3:o:lenovo:thinkpad_yoga_370_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x12_detachable_gen_1_firmware | < 2021-10-31 | cpe:2.3:o:lenovo:thinkpad_x12_detachable_gen_1_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x390_firmware | < n2jet96w | cpe:2.3:o:lenovo:thinkpad_x390_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_yoga_11e_4th_gen_firmware | < 2021-10-31 | cpe:2.3:o:lenovo:thinkpad_yoga_11e_4th_gen_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_yoga_11e_5th_gen_firmware | < 2021-10-31 | cpe:2.3:o:lenovo:thinkpad_yoga_11e_5th_gen_firmware:*:*:*:*:geminilake-r:*:*:* |
| lenovo | thinkpad_x250_firmware | < 2021-10-31 | cpe:2.3:o:lenovo:thinkpad_x250_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x260_firmware | < 2021-10-31 | cpe:2.3:o:lenovo:thinkpad_x260_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x390_yoga_firmware | < n2let87w | cpe:2.3:o:lenovo:thinkpad_x390_yoga_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x280_firmware | < n20et58w | cpe:2.3:o:lenovo:thinkpad_x280_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_titanium_firmware | < n2met51w | cpe:2.3:o:lenovo:thinkpad_x1_titanium_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x270_firmware | < 2021-10-29 | cpe:2.3:o:lenovo:thinkpad_x270_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_carbon_5th_gen_kabylake_firmware | < n1met66w | cpe:2.3:o:lenovo:thinkpad_x1_carbon_5th_gen_kabylake_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x13_gen_1_firmware | < n2yet31w | cpe:2.3:o:lenovo:thinkpad_x13_gen_1_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x13_gen_2_firmware | < n35et41w | cpe:2.3:o:lenovo:thinkpad_x13_gen_2_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x13_yoga_gen_1_firmware | < n2uet56w | cpe:2.3:o:lenovo:thinkpad_x13_yoga_gen_1_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x13_yoga_gen_2_firmware | < n39et47w | cpe:2.3:o:lenovo:thinkpad_x13_yoga_gen_2_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_carbon_5th_gen_skylake_firmware | < n1met66w | cpe:2.3:o:lenovo:thinkpad_x1_carbon_5th_gen_skylake_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_yoga_1st_gen_firmware | < n1fet76w | cpe:2.3:o:lenovo:thinkpad_x1_yoga_1st_gen_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_yoga_3rd_gen_firmware | < n25et57w | cpe:2.3:o:lenovo:thinkpad_x1_yoga_3rd_gen_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_yoga_4th_gen_firmware | < n2het64w | cpe:2.3:o:lenovo:thinkpad_x1_yoga_4th_gen_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_yoga_gen_5_firmware | < n2wet30w | cpe:2.3:o:lenovo:thinkpad_x1_yoga_gen_5_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_carbon_4th_gen_firmware | < n1fet76w | cpe:2.3:o:lenovo:thinkpad_x1_carbon_4th_gen_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_10_firmware | < 2021-10-25 | cpe:2.3:o:lenovo:thinkpad_10_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_nano_gen_1_firmware | < n2tet67w | cpe:2.3:o:lenovo:thinkpad_x1_nano_gen_1_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_extreme_firmware | < n2eet54w | cpe:2.3:o:lenovo:thinkpad_x1_extreme_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_extreme_2nd_firmware | < n2oet53w | cpe:2.3:o:lenovo:thinkpad_x1_extreme_2nd_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_extreme_gen_3_firmware | < n2vet33w | cpe:2.3:o:lenovo:thinkpad_x1_extreme_gen_3_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t460s_firmware | < n1cet84w | cpe:2.3:o:lenovo:thinkpad_t460s_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_s2_gen_6_firmware | < 2021-10-31 | cpe:2.3:o:lenovo:thinkpad_s2_gen_6_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_carbon_gen_6_firmware | < n23et78w | cpe:2.3:o:lenovo:thinkpad_x1_carbon_gen_6_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_carbon_gen_7_firmware | < n2het64w | cpe:2.3:o:lenovo:thinkpad_x1_carbon_gen_7_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_carbon_gen_8_firmware | < n2het64w | cpe:2.3:o:lenovo:thinkpad_x1_carbon_gen_8_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t560_firmware | < n1ket52w | cpe:2.3:o:lenovo:thinkpad_t560_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t460p_firmware | < 2021-10-29 | cpe:2.3:o:lenovo:thinkpad_t460p_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_w550s_firmware | < n11et54w | cpe:2.3:o:lenovo:thinkpad_w550s_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t590_firmware | < n2iet96w | cpe:2.3:o:lenovo:thinkpad_t590_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t570_firmware | < n1vet57w | cpe:2.3:o:lenovo:thinkpad_t570_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_s2_yoga_gen_6_firmware | < 2021-10-31 | cpe:2.3:o:lenovo:thinkpad_s2_yoga_gen_6_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t480_firmware | < n24et65w | cpe:2.3:o:lenovo:thinkpad_t480_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_tablet_firmware | < n1let92w | cpe:2.3:o:lenovo:thinkpad_x1_tablet_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t550_firmware | < n11et54w | cpe:2.3:o:lenovo:thinkpad_t550_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_carbon_3rd_gen_firmware | < n14et56w | cpe:2.3:o:lenovo:thinkpad_x1_carbon_3rd_gen_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_tablet_gen_2_firmware | < n1oet56w | cpe:2.3:o:lenovo:thinkpad_x1_tablet_gen_2_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_x1_tablet_gen_3_firmware | < 2021-10-29 | cpe:2.3:o:lenovo:thinkpad_x1_tablet_gen_3_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t580_firmware | < n27et43w | cpe:2.3:o:lenovo:thinkpad_t580_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t480s_firmware | < n22et70w | cpe:2.3:o:lenovo:thinkpad_t480s_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t15_firmware | < n2xet32w | cpe:2.3:o:lenovo:thinkpad_t15_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t460_firmware | < 2021-10-31 | cpe:2.3:o:lenovo:thinkpad_t460_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t470_firmware | < n1qet92w | cpe:2.3:o:lenovo:thinkpad_t470_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t490_firmware | < n2iet96w | cpe:2.3:o:lenovo:thinkpad_t490_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t490s_firmware | < n2iet96w | cpe:2.3:o:lenovo:thinkpad_t490s_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t14s_gen_2_firmware | < n35et41w | cpe:2.3:o:lenovo:thinkpad_t14s_gen_2_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t14s_firmware | < 2021-10-15 | cpe:2.3:o:lenovo:thinkpad_t14s_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t470p_firmware | < r0fet55w | cpe:2.3:o:lenovo:thinkpad_t470p_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t470s_firmware | < 2021-10-29 | cpe:2.3:o:lenovo:thinkpad_t470s_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_p71_firmware | < 2021-10-29 | cpe:2.3:o:lenovo:thinkpad_p71_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t440p_firmware | < 2021-10-29 | cpe:2.3:o:lenovo:thinkpad_t440p_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t15_gen_2_firmware | < n34et42w | cpe:2.3:o:lenovo:thinkpad_t15_gen_2_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t15p_gen_1_firmware | < 2021-10-29 | cpe:2.3:o:lenovo:thinkpad_t15p_gen_1_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_p70_firmware | < n1detb2w | cpe:2.3:o:lenovo:thinkpad_p70_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t15g_gen_1_firmware | < 2021-10-29 | cpe:2.3:o:lenovo:thinkpad_t15g_gen_1_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t14_gen_1_firmware | < n2xet32w | cpe:2.3:o:lenovo:thinkpad_t14_gen_1_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_t14_gen_2_firmware | < n34et42w | cpe:2.3:o:lenovo:thinkpad_t14_gen_2_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_p73_firmware | < n2net47w | cpe:2.3:o:lenovo:thinkpad_p73_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_s540_firmware | < 2021-10-25 | cpe:2.3:o:lenovo:thinkpad_s540_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_p72_firmware | < n2cet60w | cpe:2.3:o:lenovo:thinkpad_p72_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_l380_firmware | < 2021-10-31 | cpe:2.3:o:lenovo:thinkpad_l380_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_s5_2nd_gen_firmware | < 2021-10-31 | cpe:2.3:o:lenovo:thinkpad_s5_2nd_gen_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_p15v_gen_1_firmware | < 2021-10-29 | cpe:2.3:o:lenovo:thinkpad_p15v_gen_1_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_p53_firmware | < n2net47w | cpe:2.3:o:lenovo:thinkpad_p53_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_p53s_firmware | < n2iet96w | cpe:2.3:o:lenovo:thinkpad_p53s_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_p43s_firmware | < n2iet96w | cpe:2.3:o:lenovo:thinkpad_p43s_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_p51_firmware | < n1uet82w | cpe:2.3:o:lenovo:thinkpad_p51_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_p51s_firmware | < n1vet57w | cpe:2.3:o:lenovo:thinkpad_p51s_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_p50_firmware | < n1eet92w | cpe:2.3:o:lenovo:thinkpad_p50_firmware:*:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-67440 | Patch Vendor Advisory |