A potential missing authentication vulnerability could allow a local privileged attacker to use WMI commands to arbitrarily trigger a System Management Interrupt handler.
Credits
Lenovo thanks 0xiviel/Eva Crystal (XSource Security) for reporting this vulnerability.