CVE-2021-3970

Published: 22/04/2022 Updated: 06/05/2022
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.

Vulnerable Product

lenovo ideapad_3-14ada05_firmware

lenovo ideapad_3-14ada6_firmware

lenovo ideapad_3-14alc6_firmware

lenovo ideapad_3-14are05_firmware

lenovo ideapad_3-15ada6_firmware

lenovo ideapad_3-15alc6_firmware

lenovo ideapad_3-15are05_firmware

lenovo ideapad_3-15igl05_firmware

lenovo ideapad_3-17ada05_firmware

lenovo ideapad_3-17ada6_firmware

lenovo ideapad_3-17alc6_firmware

lenovo ideapad_3-17are05_firmware

lenovo ideapad_3-17iil05_firmware

lenovo ideapad_3-17itl6_firmware

lenovo ideapad_3-15ada05_firmware

lenovo l3_15iml05_firmware

lenovo l3-15itl6_firmware

lenovo l340-15irh_firmware

lenovo l340-15iwl_firmware

lenovo l340-15iwl_touch_firmware

lenovo l340-17irh_firmware

lenovo l340-17iwl_firmware

lenovo legion_5_pro-16ach6_firmware

lenovo legion_5_pro-16ach6h_firmware

lenovo legion_5_pro-16ith6_firmware

lenovo legion_5_pro-16ith6h_firmware

lenovo legion_5-15ach6_firmware

lenovo legion_5-15ach6a_firmware

lenovo legion_5-15ach6h_firmware

lenovo legion_5-15imh6_firmware

lenovo legion_5-15ith6_firmware

lenovo legion_5-15ith6h_firmware

lenovo legion_5-17ach6_firmware

lenovo legion_5-17ach6h_firmware

lenovo legion_5-17ith6_firmware

lenovo legion_5-17ith6h_firmware

lenovo legion_7-16achg6_firmware

lenovo legion_7-16ithg6_firmware

lenovo legion_s7-15ach6_firmware

lenovo legion_y540-15irh_firmware

lenovo legion_y540-15irh-pg0_firmware

lenovo legion_y540-17irh_firmware

lenovo legion_y540-17irh-pg0_firmware

lenovo legion_y545_firmware

lenovo legion_y545-pg0_firmware

lenovo legion_y7000-2019_firmware

lenovo legion_y7000-2019-pg0_firmware

lenovo s14_g2_itl_firmware

lenovo s145-14api_firmware

lenovo s145-14ast_firmware

lenovo s145-14igm_firmware

lenovo s145-14iil_firmware

lenovo s145-15api_firmware

lenovo s145-15ast_firmware

lenovo s145-15igm_firmware

lenovo s145-15iil_firmware

lenovo s540-13api_firmware

lenovo s540-13iml_firmware

lenovo slim_7_pro-14ihu5_firmware

lenovo slim_9-14itl05_firmware

lenovo v14_g1-iml_firmware

lenovo v14_g2-acl_firmware

lenovo v14_g2-itl_firmware

lenovo v14-ada_firmware

lenovo v14-are_firmware

lenovo v14-igl_firmware

lenovo v14-iil_firmware

lenovo v140-15iwl_firmware

lenovo v15_g1-iml_firmware

lenovo v15_g2-alc_firmware

lenovo v15_g2-itl_firmware

lenovo v15-ada_firmware

lenovo v15-igl_firmware

lenovo v15-iil_firmware

lenovo v17_g2-itl_firmware

lenovo v17-iil_firmware

lenovo v340-17iwl_firmware

lenovo yoga_7-14acn6_firmware

lenovo yoga_c740-14iml_firmware

lenovo yoga_c740-15iml_firmware

lenovo yoga_c940-14iil_firmware

lenovo yoga_slim_7_pro-14ach5_d_firmware

lenovo yoga_slim_7_pro-14ach5_firmware

lenovo yoga_slim_7_pro-14ach5_o_firmware

lenovo yoga_slim_7_pro-14ach5_od_firmware

lenovo yoga_slim_7_pro-14arh5_firmware

lenovo yoga_slim_7_pro-14ihu5_firmware

lenovo yoga_slim_7_pro-14ihu5_o_firmware

lenovo yoga_slim_7_pro-14itl5_firmware

lenovo yoga_slim_9-14itl05_firmware

lenovo ideapad_3-14iil05_firmware

lenovo ideapad_3-14igl05_firmware

lenovo ideapad_3-14iml05_firmware

lenovo ideapad_3-14itl05_firmware

lenovo ideapad_3-14itl6_firmware

lenovo ideapad_3-15iil05_firmware

lenovo ideapad_3-15iml05_firmware

lenovo ideapad_3-15itl05_firmware

lenovo ideapad_3-15itl6_firmware

lenovo ideapad_3-17iml05_firmware

lenovo ideapad_5-15are05_firmware

lenovo ideapad_5-15iil05_firmware

lenovo ideapad_creator_5-15imh05_firmware

lenovo ideapad_gaming_3-15arh05_firmware

lenovo ideapad_gaming_3-15imh05_firmware

Recent Articles

ESET uncovers vulnerabilities in Lenovo laptops
The Register • Richard Speed • 01 Jan 1970

Firmware updates incoming in response to UEFI threats

Got a Lenovo laptop? You might need to do a swift bit of patching judging by the latest set of vulnerabilities uncovered by security researchers at ESET. Three vulnerabilities were reported today: CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972. The latter two are particularly embarrassing since they are related to UEFI firmware drivers used in the manufacturing process and can be used to disable SPI flash protections or the UEFI Secure Boot feature. "UEFI threats can be extremely stealthy and d...