CVE-2021-3971

Published: 22/04/2022 Updated: 06/05/2022
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A potential vulnerability in a driver used during older manufacturing processes on some consumer Lenovo Notebook devices, which was mistakenly included in the BIOS image, could allow an attacker with elevated privileges to modify the firmware protection region by modifying an NVRAM variable.

Vulnerable Product

lenovo ideapad_3-14ada05_firmware

lenovo ideapad_3-14ada6_firmware

lenovo ideapad_3-14alc6_firmware

lenovo ideapad_3-14are05_firmware

lenovo ideapad_3-15ada6_firmware

lenovo ideapad_3-15alc6_firmware

lenovo ideapad_3-15are05_firmware

lenovo ideapad_3-15igl05_firmware

lenovo ideapad_3-17ada05_firmware

lenovo ideapad_3-17ada6_firmware

lenovo ideapad_3-17alc6_firmware

lenovo ideapad_3-17are05_firmware

lenovo ideapad_3-17iil05_firmware

lenovo ideapad_3-15ada05_firmware

lenovo l3-15itl6_firmware

lenovo l340-15irh_firmware

lenovo l340-15iwl_firmware

lenovo l340-15iwl_touch_firmware

lenovo l340-17irh_firmware

lenovo l340-17iwl_firmware

lenovo legion_5_pro-16ach6_firmware

lenovo legion_5_pro-16ach6h_firmware

lenovo legion_5_pro-16ith6_firmware

lenovo legion_5_pro-16ith6h_firmware

lenovo legion_5-15ach6_firmware

lenovo legion_5-15ach6a_firmware

lenovo legion_5-15ach6h_firmware

lenovo legion_5-15ith6_firmware

lenovo legion_5-15ith6h_firmware

lenovo legion_5-17ach6_firmware

lenovo legion_5-17ach6h_firmware

lenovo legion_5-17ith6_firmware

lenovo legion_5-17ith6h_firmware

lenovo legion_7-16achg6_firmware

lenovo legion_7-16ithg6_firmware

lenovo legion_y540-15irh_firmware

lenovo legion_y540-15irh-pg0_firmware

lenovo legion_y540-17irh_firmware

lenovo legion_y540-17irh-pg0_firmware

lenovo legion_y545_firmware

lenovo legion_y545-pg0_firmware

lenovo legion_y7000-2019_firmware

lenovo legion_y7000-2019-pg0_firmware

lenovo s145-14api_firmware

lenovo s145-14ast_firmware

lenovo s145-14igm_firmware

lenovo s145-14iil_firmware

lenovo s145-15api_firmware

lenovo s145-15ast_firmware

lenovo s145-15igm_firmware

lenovo s145-15iil_firmware

lenovo s540-13api_firmware

lenovo v14_g2-acl_firmware

lenovo v14-ada_firmware

lenovo v14-are_firmware

lenovo v14-igl_firmware

lenovo v14-iil_firmware

lenovo v140-15iwl_firmware

lenovo v15_g2-alc_firmware

lenovo v15-ada_firmware

lenovo v15-igl_firmware

lenovo v15-iil_firmware

lenovo v17-iil_firmware

lenovo v340-17iwl_firmware

lenovo yoga_slim_7_pro-14ach5_d_firmware

lenovo yoga_slim_7_pro-14ach5_od_firmware

lenovo ideapad_3-14iil05_firmware

lenovo ideapad_3-14igl05_firmware

lenovo ideapad_3-15iil05_firmware

lenovo ideapad_5-15are05_firmware

lenovo ideapad_creator_5-15imh05_firmware

lenovo ideapad_gaming_3-15arh05_firmware

lenovo ideapad_gaming_3-15imh05_firmware

Recent Articles

ESET uncovers vulnerabilities in Lenovo laptops
The Register • Richard Speed • 01 Jan 1970

Firmware updates incoming in response to UEFI threats

Got a Lenovo laptop? You might need to do a swift bit of patching judging by the latest set of vulnerabilities uncovered by security researchers at ESET. Three vulnerabilities were reported today: CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972. The latter two are particularly embarrassing since they are related to UEFI firmware drivers used in the manufacturing process and can be used to disable SPI flash protections or the UEFI Secure Boot feature. "UEFI threats can be extremely stealthy and d...