Lenovo Power Management Driver Vulnerabilities - Lenovo Support NL

**Lenovo Security Advisory:**LEN-59174

**Potential Impact:**Privilege escalation, denial of service

**Severity:**Medium

**Scope of Impact:**Lenovo-specific

**CVE Identifier:**CVE-2021-3462, CVE-2021-3463

Summary Description:

The following vulnerabilities were reported in Lenovo Power Management Driver for Windows 10.

CVE-2021-3462: A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10 that could allow unauthorized access to the driver’s device object.

CVE-2021-3463: A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10 that could cause systems to experience a blue screen error.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update to Lenovo Power Management Driver for Windows 10, 32-bit or 64-bit, version 1.67.17.54 or higher for the following models. :

ThinkPad 11e Gen 5 (Machine types: 20LQ, 20LR)
ThinkPad 11e Yoga Gen 6 (Machine types: 20SE, 20SF, 20XV, 20XU)
ThinkPad 13 Gen 2 (Machine types: 20J1, 20J2)
ThinkPad 25
ThinkPad A275, A285, A475, A485
ThinkPad E14 (Machine types: 20RA, 20RB, 20WF, 20WG)
ThinkPad E14 Gen2 (Machine types: 20TA, 20TB)
ThinkPad E15 (Machine types: 20RD, 20RE)
ThinkPad E15 Gen2 (Machine types: 20TD, 20TE)
ThinkPad E470, E470c, E475, E480, E490, E495
ThinkPad E570, E570c, E575, E580, E590, E595
ThinkPad L13 (Machine types: 20R3, 20R4)
ThinkPad L13 Gen 1 (Machine types: 20R3, 20R4)
ThinkPad L13 Gen 2 (Machine types: 20VH, 20VJ)
ThinkPad L13 Yoga (Machine types: 20R5, 20R6)
ThinkPad L13 Yoga Gen 1 (Machine types: 20R5, 20R6)
ThinkPad L13 Yoga Gen 2 (Machine types: 20VK, 20VL)
ThinkPad L14 Gen 1 (Machine types: 20U1, 20U2, 20U5, 20U6)
ThinkPad L14 Gen 2 (Machine types: 20X1, 20X2)
ThinkPad L15 Gen 1 (Machine types: 20U3, 20U4, 20U7, 20U8)
ThinkPad L15 Gen 2 (Machine types: 20X3, 20X4)
ThinkPad L380 (Machine types: 20M5, 20M6)
ThinkPad L380 Yoga (Machine types: 20M7, 20M8)
ThinkPad L390 (Machine types: 20NR, 20NS)
ThinkPad L390 Yoga (Machine types: 20NT, 20NU)
ThinkPad L470, L480, L490
ThinkPad L570, L580, L590
ThinkPad P1 (Machine types: 20MD, 20ME)
ThinkPad P1 Gen 2 (Machine types: 20QT, 20QU)
ThinkPad P1 Gen 3 (Machine types: 20TH, 20TJ)
ThinkPad P14s Gen 1 (Machine types: 20S4, 20S5)
ThinkPad P14s Gen 2 (Machine types: 20W2, 20W3)
ThinkPad P15s Gen 1 (Machine types: 20T4, 20T5)
ThinkPad P15s Gen 2 (Machine types: 20W6, 20W7)
ThinkPad P15v Gen 1 (Machine types: 20TQ, 20TR)
ThinkPad P15 Gen 1 (Machine types: 20ST, 20SU)
ThinkPad P17 Gen 1 (Machine types: 20SN, 20SQ)
ThinkPad P43s (Machine types: 20RH, 20RJ)
ThinkPad P51, P51s, P52, P53, P52s, P53s
ThinkPad P71, P72
ThinkPad P73 (Machine types: 20QR, 20QS)
ThinkPad R14 (Machine types: 20RC)
ThinkPad R14 Gen 2 (Machine types: 20TC)
ThinkPad R480
ThinkPad S1 Gen 4 (Machine types: 20LK, 20LL)
ThinkPad S2 Gen 2 (Machine types: 20J3)
ThinkPad S2 Gen 5 (Machine types: 20R7)
ThinkPad S2 Yoga Gen 5 (Machine types: 20R8)
ThinkPad S2 Gen 6 (Machine types: 20VM)
ThinkPad S2 Yoga Gen 6 (Machine types: 20VN)
ThinkPad S3 Gen 2 (Machine types: 20RG)
ThinkPad S5 Gen 2 (Machine types: 20JA)
ThinkPad T14 Gen 1 (Machine types: 20S0, 20S1, 20UD, 20UE)
ThinkPad T14 Gen 1 Healthcare Edition (Machine types: 20S2, 20S3)
ThinkPad T14 Gen 2 (Machine types: 20W0, 20W1)
ThinkPad T14s Gen 1 (Machine types: 20T0, 20T1, 20UH, 20UJ)
ThinkPad T14s Gen 2i (Machine types: 20WM, 20WN)
ThinkPad T15 Gen 1 (Machine types: 20S6, 20S7)
ThinkPad T15 Gen 2 (Machine types: 20W4, 20W5)
ThinkPad T15g Gen 1 (Machine types: 20UR, 20US)
ThinkPad T15p Gen 1 (Machine types: 20TM, 20TN)
ThinkPad T470, T470p, T470s
ThinkPad T480 (Machine types: 20L5, 20L6)
ThinkPad T480s (Machine types: 20L7, 20L8)
ThinkPad T490 (Machine types: 20N2,20N3,20Q9,20QH,20RY,20RX)
ThinkPad T490s (Machine types: 20NX, 20NY)
ThinkPad T495 (Machine types: 20NJ, 20NK)
ThinkPad T570 (Machine types: 20H9, 20HA)
ThinkPad T580 (Machine types: 20L9, 20LA)
ThinkPad T590 (Machine types: 20N4, 20N5)
ThinkPad X1 Carbon Gen 5 (Machine types: 20HQ,20HR,20K3,20K4)
ThinkPad X1 Carbon Gen 6 (Machine types: 20KH, 20KG)
ThinkPad X1 Carbon Gen 7 (Machine types: 20QD, 20QE, 20R1, 20R2)
ThinkPad X1 Carbon Gen 8 (Machine types: 20U9, 20UA)
ThinkPad X1 Carbon Gen 9 (Machine types: 20XW, 20XX)
ThinkPad X1 Tablet Gen 2 (Machine types: 20JB, 20JC)
ThinkPad X1 Tablet Gen 3 (Machine types: 20KJ, 20KK)
ThinkPad X1 Yoga Gen 2 (Machine types: 20JD,20JE,20JF,20JG)
ThinkPad X1 Yoga Gen 3 (Machine types: 20LD,20LE,20LF,20LG)
ThinkPad X1 Yoga Gen 4 (Machine types: 20QF, 20QG, 20SA ,20SB)
ThinkPad X1 Yoga Gen 5 (Machine types: 20UB, 20UC)
ThinkPad X1 Yoga Gen 6 (Machine types: 20XY, 20YO)
ThinkPad X1 Extreme (Machine types: 20MF, 20MG)
ThinkPad X1 Extreme 2nd (Machine types: 20QV, 20QW)
ThinkPad X1 Extreme Gen 3 (Machine types: 20TK, 20TL)
ThinkPad X1 Nano Gen1 (Machine types: 20UN, 20UQ)
ThinkPad X1 Titanium Gen 1 (Machine types: 20QA, 20QB)
ThinkPad X12 (Machine types: 20UW, 20UV)
ThinkPad X13 Gen 1 (Machine types: 20T2, 20T3, 20UF, 20UG)
ThinkPad X13 Gen 2i (Machine types: 20WK, 20WL)
ThinkPad X13 Yoga Gen 1 (Machine types: 20SX, 20SY)
ThinkPad X13 Yoga Gen 2 (Machine types: 20W8, 20W9)
ThinkPad X270 (Machine types: 20HM, 20HN)
ThinkPad X280 (Machine types: 20KE, 20KF)
ThinkPad X380 Yoga (Machine types: 20LH, 20LJ)
ThinkPad X390 (Machine types: 20Q0, 20Q1)
ThinkPad X390 Yoga (Machine types: 20NN, 20NQ)
ThinkPad X395 (Machine types: 20NL, 20NM)
ThinkPad Yoga 11e Gen 5 (Machine types: 20LM, 20LN)
ThinkPad Yoga 370 (Machine types: 20JH, 20JJ)

Acknowledgement:

Lenovo thanks Aobo Wang of Chaitin Security Research Lab for reporting these issues.

References:

Lenovo Power Management Driver for Windows 10 (64-bit) - ThinkPad: <https://support.lenovo.com/us/en/downloads/ds539633&gt;

Lenovo Power Management Driver for Windows 10 (32-bit) - ThinkPad: <https://support.lenovo.com/us/en/downloads/ds548573&gt;

Revision History:

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.