CVE-2021-3972

MEDIUMMonitor

Published:Apr 22, 2022(4 years ago)

Modified:Nov 21, 2024

Local AccessNo InteractionLow Complexity

Vulnerability Description

A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Attack Characteristics

Local AccessLow ComplexityHigh PrivilegesNo User Interaction

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

105

Vendor	Product	Versions	Fixed In
lenovo	ideapad_3-14ada05_firmware	e8cn33ww	-
lenovo	ideapad_3-14ada6_firmware	hbcn21ww	-
lenovo	ideapad_3-14alc6_firmware

Timeline

Published
CVE disclosed publicly
Apr 22, 20224 years ago
Last Modified
Most recent update
Nov 21, 20241 year ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

https://support.lenovo.com/us/en/product_security/LEN-73440Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-73440Vendor Advisory

CVSS Score

v3.1

6.7/ 10.0

MEDIUM

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

At a Glance

105

Affected Products

References

lenovo / ideapad_3-14ada05_firmware

CVE-2021-3972

Vulnerability Description

Attack Characteristics

Affected Software

Timeline

References

CVSS Score

At a Glance

Official Sources

CVSS v3 Vector

Impact Analysis

CVE-2021-3972

✦ Vulnerability Description

Attack Characteristics

Affected Software

Timeline

References

CVSS Score

At a Glance

Official Sources

CVSS v3 Vector

Impact Analysis

Vulnerability Description