CVE-2021-3971

Published: 22/04/2022 Updated: 06/05/2022
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A potential vulnerability in a driver used during older manufacturing processes on some consumer Lenovo Notebook devices, which was mistakenly included in the BIOS image, could allow an attacker with elevated privileges to modify the firmware protection region by modifying an NVRAM variable.

Vulnerable Product

lenovo ideapad 3-14ada05 firmware

lenovo ideapad 3-14ada6 firmware

lenovo ideapad 3-14alc6 firmware

lenovo ideapad 3-14are05 firmware

lenovo ideapad 3-15ada6 firmware

lenovo ideapad 3-15alc6 firmware

lenovo ideapad 3-15are05 firmware

lenovo ideapad 3-15igl05 firmware

lenovo ideapad 3-17ada05 firmware

lenovo ideapad 3-17ada6 firmware

lenovo ideapad 3-17alc6 firmware

lenovo ideapad 3-17are05 firmware

lenovo ideapad 3-17iil05 firmware

lenovo ideapad 3-15ada05 firmware

lenovo l3-15itl6 firmware

lenovo l340-15irh firmware

lenovo l340-15iwl firmware

lenovo l340-15iwl touch firmware

lenovo l340-17irh firmware

lenovo l340-17iwl firmware

lenovo legion 5 pro-16ach6 firmware

lenovo legion 5 pro-16ach6h firmware

lenovo legion 5 pro-16ith6 firmware

lenovo legion 5 pro-16ith6h firmware

lenovo legion 5-15ach6 firmware

lenovo legion 5-15ach6a firmware

lenovo legion 5-15ach6h firmware

lenovo legion 5-15ith6 firmware

lenovo legion 5-15ith6h firmware

lenovo legion 5-17ach6 firmware

lenovo legion 5-17ach6h firmware

lenovo legion 5-17ith6 firmware

lenovo legion 5-17ith6h firmware

lenovo legion 7-16achg6 firmware

lenovo legion 7-16ithg6 firmware

lenovo legion y540-15irh firmware

lenovo legion y540-15irh-pg0 firmware

lenovo legion y540-17irh firmware

lenovo legion y540-17irh-pg0 firmware

lenovo legion y545 firmware

lenovo legion y545-pg0 firmware

lenovo legion y7000-2019 firmware

lenovo legion y7000-2019-pg0 firmware

lenovo s145-14api firmware

lenovo s145-14ast firmware

lenovo s145-14igm firmware

lenovo s145-14iil firmware

lenovo s145-15api firmware

lenovo s145-15ast firmware

lenovo s145-15igm firmware

lenovo s145-15iil firmware

lenovo s540-13api firmware

lenovo v14 g2-acl firmware

lenovo v14-ada firmware

lenovo v14-are firmware

lenovo v14-igl firmware

lenovo v14-iil firmware

lenovo v140-15iwl firmware

lenovo v15 g2-alc firmware

lenovo v15-ada firmware

lenovo v15-igl firmware

lenovo v15-iil firmware

lenovo v17-iil firmware

lenovo v340-17iwl firmware

lenovo yoga slim 7 pro-14ach5 d firmware

lenovo yoga slim 7 pro-14ach5 od firmware

lenovo ideapad 3-14iil05 firmware

lenovo ideapad 3-14igl05 firmware

lenovo ideapad 3-15iil05 firmware

lenovo ideapad 5-15are05 firmware

lenovo ideapad creator 5-15imh05 firmware

lenovo ideapad gaming 3-15arh05 firmware

lenovo ideapad gaming 3-15imh05 firmware

Recent Articles

ESET uncovers vulnerabilities in Lenovo laptops
The Register • Richard Speed • 01 Jan 1970

Firmware updates incoming in response to UEFI threats

Got a Lenovo laptop? You might need to do a swift bit of patching judging by the latest set of vulnerabilities uncovered by security researchers at ESET. Three vulnerabilities were reported today: CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972. The latter two are particularly embarrassing since they are related to UEFI firmware drivers used in the manufacturing process and can be used to disable SPI flash protections or the UEFI Secure Boot feature. "UEFI threats can be extremely stealthy and d...