CVE-2021-3971

Published: Apr 22, 2022Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable.

Affected (73)

Lenovo

73 products

Ideapad 3 14ada05 Firmware

Ideapad 3 14ada6 Firmware

Ideapad 3 14alc6 Firmware

Ideapad 3 14are05 Firmware

Ideapad 3 15ada6 Firmware

Ideapad 3 15alc6 Firmware

Ideapad 3 15are05 Firmware

Ideapad 3 15igl05 Firmware

Ideapad 3 17ada05 Firmware

Ideapad 3 17ada6 Firmware

Ideapad 3 17alc6 Firmware

Ideapad 3 17are05 Firmware

Ideapad 3 17iil05 Firmware

Ideapad 3 15ada05 Firmware

L3 15itl6 Firmware

L340 15irh Firmware

L340 15iwl Firmware

L340 15iwl Touch Firmware

L340 17irh Firmware

L340 17iwl Firmware

Legion 5 Pro 16ach6 Firmware

Legion 5 Pro 16ach6h Firmware

Legion 5 Pro 16ith6 Firmware

Legion 5 Pro 16ith6h Firmware

Legion 5 15ach6 Firmware

Legion 5 15ach6a Firmware

Legion 5 15ach6h Firmware

Legion 5 15ith6 Firmware

Legion 5 15ith6h Firmware

Legion 5 17ach6 Firmware

Legion 5 17ach6h Firmware

Legion 5 17ith6 Firmware

Legion 5 17ith6h Firmware

Legion 7 16achg6 Firmware

Legion 7 16ithg6 Firmware

Legion Y540 15irh Firmware

Legion Y540 15irh Pg0 Firmware

Legion Y540 17irh Firmware

Legion Y540 17irh Pg0 Firmware

Legion Y545 Firmware

Legion Y545 Pg0 Firmware

Legion Y7000 2019 Firmware

Legion Y7000 2019 Pg0 Firmware

Yoga Slim 7 Pro 14ach5 D Firmware

Yoga Slim 7 Pro 14ach5 Od Firmware

Ideapad 3 14iil05 Firmware

Ideapad 3 14igl05 Firmware

Ideapad 3 15iil05 Firmware

Ideapad 5 15are05 Firmware

Ideapad Creator 5 15imh05 Firmware

Ideapad Gaming 3 15arh05 Firmware

Ideapad Gaming 3 15imh05 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 3 14ada05 Firmware	Before e8cn33ww

Running on/with	Platform Versions
Lenovo Ideapad 3 14ada05	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 3 14ada6 Firmware	Before hbcn21ww

Running on/with	Platform Versions
Lenovo Ideapad 3 14ada6	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 3 14alc6 Firmware	Before glcn43ww

Running on/with	Platform Versions
Lenovo Ideapad 3 14alc6	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 3 14are05 Firmware	Before dzcn42ww

Running on/with	Platform Versions
Lenovo Ideapad 3 14are05	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 3 15ada6 Firmware	Before hbcn21ww

Running on/with	Platform Versions
Lenovo Ideapad 3 15ada6	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 3 15alc6 Firmware	Before glcn43ww

Running on/with	Platform Versions
Lenovo Ideapad 3 15alc6	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 3 15are05 Firmware	Before dzcn42ww

Running on/with	Platform Versions
Lenovo Ideapad 3 15are05	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 3 15igl05 Firmware	Before dvcn23ww

Running on/with	Platform Versions
Lenovo Ideapad 3 15igl05	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 3 17ada05 Firmware	Before e8cn33ww

Running on/with	Platform Versions
Lenovo Ideapad 3 17ada05	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 3 17ada6 Firmware	Before hbcn21ww

Running on/with	Platform Versions
Lenovo Ideapad 3 17ada6	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 3 17alc6 Firmware	Before glcn43ww

Running on/with	Platform Versions
Lenovo Ideapad 3 17alc6	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 3 17are05 Firmware	Before dzcn42ww

Running on/with	Platform Versions
Lenovo Ideapad 3 17are05	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 3 17iil05 Firmware	Before emcn52ww

Running on/with	Platform Versions
Lenovo Ideapad 3 17iil05	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 3 15ada05 Firmware	Before e8cn33ww

Running on/with	Platform Versions
Lenovo Ideapad 3 15ada05	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo L3 15itl6 Firmware	Before gfcn23ww

Running on/with	Platform Versions
Lenovo L3 15itl6	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo L340 15irh Firmware	Before bgcn35ww

Running on/with	Platform Versions
Lenovo L340 15irh	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo L340 15iwl Firmware	Before atcn46ww

Running on/with	Platform Versions
Lenovo L340 15iwl	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo L340 15iwl Touch Firmware	Before atcn46ww

Running on/with	Platform Versions
Lenovo L340 15iwl Touch	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo L340 17irh Firmware	Before bgcn35ww

Running on/with	Platform Versions
Lenovo L340 17irh	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo L340 17iwl Firmware	Before atcn46ww

Running on/with	Platform Versions
Lenovo L340 17iwl	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion 5 Pro 16ach6 Firmware	Before hhcn25ww

Running on/with	Platform Versions
Lenovo Legion 5 Pro 16ach6	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion 5 Pro 16ach6h Firmware	Before gkcn51ww

Running on/with	Platform Versions
Lenovo Legion 5 Pro 16ach6h	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion 5 Pro 16ith6 Firmware	Before h1cn46ww

Running on/with	Platform Versions
Lenovo Legion 5 Pro 16ith6	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion 5 Pro 16ith6h Firmware	Before h1cn46ww

Running on/with	Platform Versions
Lenovo Legion 5 Pro 16ith6h	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion 5 15ach6 Firmware	Before hhcn25ww

Running on/with	Platform Versions
Lenovo Legion 5 15ach6	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion 5 15ach6a Firmware	Before g9cn28ww

Running on/with	Platform Versions
Lenovo Legion 5 15ach6a	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion 5 15ach6h Firmware	Before gkcn51ww

Running on/with	Platform Versions
Lenovo Legion 5 15ach6h	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion 5 15ith6 Firmware	Before h1cn46ww

Running on/with	Platform Versions
Lenovo Legion 5 15ith6	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion 5 15ith6h Firmware	Before h1cn46ww

Running on/with	Platform Versions
Lenovo Legion 5 15ith6h	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion 5 17ach6 Firmware	Before hhcn25ww

Running on/with	Platform Versions
Lenovo Legion 5 17ach6	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion 5 17ach6h Firmware	Before gkcn51ww

Running on/with	Platform Versions
Lenovo Legion 5 17ach6h	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion 5 17ith6 Firmware	Before h1cn46ww

Running on/with	Platform Versions
Lenovo Legion 5 17ith6	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion 5 17ith6h Firmware	Before h1cn46ww

Running on/with	Platform Versions
Lenovo Legion 5 17ith6h	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion 7 16achg6 Firmware	Before gkcn51ww

Running on/with	Platform Versions
Lenovo Legion 7 16achg6	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion 7 16ithg6 Firmware	Before gkcn51ww

Running on/with	Platform Versions
Lenovo Legion 7 16ithg6	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion Y540 15irh Firmware	Before bhcn44ww

Running on/with	Platform Versions
Lenovo Legion Y540 15irh	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion Y540 15irh Pg0 Firmware	Before bhcn44ww

Running on/with	Platform Versions
Lenovo Legion Y540 15irh Pg0	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion Y540 17irh Firmware	Before bhcn44ww

Running on/with	Platform Versions
Lenovo Legion Y540 17irh	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion Y540 17irh Pg0 Firmware	Before bhcn44ww

Running on/with	Platform Versions
Lenovo Legion Y540 17irh Pg0	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion Y545 Firmware	Before bhcn44ww

Running on/with	Platform Versions
Lenovo Legion Y545	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion Y545 Pg0 Firmware	Before bhcn44ww

Running on/with	Platform Versions
Lenovo Legion Y545 Pg0	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion Y7000 2019 Firmware	Before bhcn44ww

Running on/with	Platform Versions
Lenovo Legion Y7000 2019	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion Y7000 2019 Pg0 Firmware	Before bhcn44ww

Running on/with	Platform Versions
Lenovo Legion Y7000 2019 Pg0	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo S145 14api Firmware	Before bucn31ww

Running on/with	Platform Versions
Lenovo S145 14api	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo S145 14ast Firmware	Before aycn26ww

Running on/with	Platform Versions
Lenovo S145 14ast	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo S145 14igm Firmware	Before awcn28ww

Running on/with	Platform Versions
Lenovo S145 14igm	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo S145 14iil Firmware	Before dkcn54ww

Running on/with	Platform Versions
Lenovo S145 14iil	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo S145 15api Firmware	Before bucn31ww

Running on/with	Platform Versions
Lenovo S145 15api	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo S145 15ast Firmware	Before aycn26ww

Running on/with	Platform Versions
Lenovo S145 15ast	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo S145 15igm Firmware	Before awcn28ww

Running on/with	Platform Versions
Lenovo S145 15igm	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo S145 15iil Firmware	Before dkcn54ww

Running on/with	Platform Versions
Lenovo S145 15iil	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo S540 13api Firmware	Before cxcn34ww

Running on/with	Platform Versions
Lenovo S540 13api	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V14 G2 Acl Firmware	Before glcn43ww

Running on/with	Platform Versions
Lenovo V14 G2 Acl	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V14 Ada Firmware	Before e8cn33ww

Running on/with	Platform Versions
Lenovo V14 Ada	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V14 Are Firmware	Before dzcn42ww

Running on/with	Platform Versions
Lenovo V14 Are	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V14 Igl Firmware	Before dvcn23ww

Running on/with	Platform Versions
Lenovo V14 Igl	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V14 Iil Firmware	Before dkcn54ww

Running on/with	Platform Versions
Lenovo V14 Iil	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V140 15iwl Firmware	Before atcn46ww

Running on/with	Platform Versions
Lenovo V140 15iwl	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V15 G2 Alc Firmware	Before glcn43ww

Running on/with	Platform Versions
Lenovo V15 G2 Alc	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V15 Ada Firmware	Before e8cn33ww

Running on/with	Platform Versions
Lenovo V15 Ada	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V15 Igl Firmware	Before dvcn23ww

Running on/with	Platform Versions
Lenovo V15 Igl	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V15 Iil Firmware	Before dkcn54ww

Running on/with	Platform Versions
Lenovo V15 Iil	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V17 Iil Firmware	Before emcn52ww

Running on/with	Platform Versions
Lenovo V17 Iil	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V340 17iwl Firmware	Before atcn46ww

Running on/with	Platform Versions
Lenovo V340 17iwl	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Yoga Slim 7 Pro 14ach5 D Firmware	Before hecn24ww

Running on/with	Platform Versions
Lenovo Yoga Slim 7 Pro 14ach5 D	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Yoga Slim 7 Pro 14ach5 Od Firmware	Before hecn24ww

Running on/with	Platform Versions
Lenovo Yoga Slim 7 Pro 14ach5 Od	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 3 14iil05 Firmware	Before dvcn23ww

Running on/with	Platform Versions
Lenovo Ideapad 3 14iil05	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 3 14igl05 Firmware	Before emcn52ww

Running on/with	Platform Versions
Lenovo Ideapad 3 14igl05	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 3 15iil05 Firmware	Before emcn52ww

Running on/with	Platform Versions
Lenovo Ideapad 3 15iil05	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 5 15are05 Firmware	Before e7cn44ww

Running on/with	Platform Versions
Lenovo Ideapad 5 15are05	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad Creator 5 15imh05 Firmware	Before egcn36ww

Running on/with	Platform Versions
Lenovo Ideapad Creator 5 15imh05	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad Gaming 3 15arh05 Firmware	Before fccn17ww

Running on/with	Platform Versions
Lenovo Ideapad Gaming 3 15arh05	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad Gaming 3 15imh05 Firmware	Before egcn36ww

Running on/with	Platform Versions
Lenovo Ideapad Gaming 3 15imh05	All versions

Related CWEs

CWE-489

Active Debug Code

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

References (2)

https://support.lenovo.com/us/en/product_security/LEN-73440

Source: psirt@lenovo.com

Vendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-73440

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.