Privilege escalation vulnerability in laptops such as Lenovo ThinkPad and Yoga

On December 16th (local time), the overseas media outlet BleepingComputer reported that laptops such as Lenovo's ThinkPad and Yoga have a privilege escalation bug that allows an attacker to execute commands with administrator privileges.

This flaw has been reported as CVE-2021-3922 and CVE-2021-3969. It affects versions earlier than 1.1.20.3 of the "ImControllerService" component in "Lenovo System Interface Foundation", which is pre-installed on many Lenovo PCs.

The "Lenovo System Interface Foundation Service" provides Lenovo applications such as Lenovo Companion, Lenovo Settings, and Lenovo ID with an interface to major functions such as system power management, system optimization, driver and application updates, and system settings. It is said that disabling this service may prevent Lenovo applications from working properly.

[Added on December 20th]

Lenovo has released a security advisory on this issue, along with a fixed version of the IMController component of Lenovo System Interface Foundation.