Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-3970
HistoryApr 22, 2022 - 9:15 p.m.

CVE-2021-3970

2022-04-2221:15:09
CWE-20
[email protected]
web.nvd.nist.gov
59
20
cve-2021-3970
lenovovariable smi handler
bios
vulnerability
lenovo notebook
arbitrary code execution

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected configurations

NVD
Node
lenovoideapad_3-14ada05_firmwareRange<e8cn33ww
AND
lenovoideapad_3-14ada05Match-
Node
lenovoideapad_3-14ada6_firmwareRange<hbcn21ww
AND
lenovoideapad_3-14ada6Match-
Node
lenovoideapad_3-14alc6_firmwareRange<glcn43ww
AND
lenovoideapad_3-14alc6Match-
Node
lenovoideapad_3-14are05_firmwareRange<dzcn42ww
AND
lenovoideapad_3-14are05Match-
Node
lenovoideapad_3-15ada6_firmwareRange<hbcn21ww
AND
lenovoideapad_3-15ada6Match-
Node
lenovoideapad_3-15alc6_firmwareRange<glcn43ww
AND
lenovoideapad_3-15alc6Match-
Node
lenovoideapad_3-15are05_firmwareRange<dzcn42ww
AND
lenovoideapad_3-15are05Match-
Node
lenovoideapad_3-15igl05_firmwareRange<dvcn23ww
AND
lenovoideapad_3-15igl05Match-
Node
lenovoideapad_3-17ada05_firmwareRange<e8cn33ww
AND
lenovoideapad_3-17ada05Match-
Node
lenovoideapad_3-17ada6_firmwareRange<hbcn21ww
AND
lenovoideapad_3-17ada6Match-
Node
lenovoideapad_3-17alc6_firmwareRange<glcn43ww
AND
lenovoideapad_3-17alc6Match-
Node
lenovoideapad_3-17are05_firmwareRange<dzcn42ww
AND
lenovoideapad_3-17are05Match-
Node
lenovoideapad_3-17iil05_firmwareRange<emcn52ww
AND
lenovoideapad_3-17iil05Match-
Node
lenovoideapad_3-17itl6_firmwareRange<ggcn33ww
AND
lenovoideapad_3-17itl6Match-
Node
lenovoideapad_3-15ada05_firmwareRange<e8cn33ww
AND
lenovoideapad_3-15ada05Match-
Node
lenovol3_15iml05_firmwareRange<ejcn27ww
AND
lenovol3_15iml05Match-
Node
lenovol3-15itl6_firmwareRange<gfcn23ww
AND
lenovol3-15itl6Match-
Node
lenovol340-15irh_firmwareRange<bgcn35ww
AND
lenovol340-15irhMatch-
Node
lenovol340-15iwl_firmwareRange<atcn46ww
AND
lenovol340-15iwlMatch-
Node
lenovol340-15iwl_touch_firmwareRange<atcn46ww
AND
lenovol340-15iwl_touchMatch-
Node
lenovol340-17irh_firmwareRange<bgcn35ww
AND
lenovol340-17irhMatch-
Node
lenovol340-17iwl_firmwareRange<atcn46ww
AND
lenovol340-17iwlMatch-
Node
lenovolegion_5_pro-16ach6_firmwareRange<hhcn25ww
AND
lenovolegion_5_pro-16ach6Match-
Node
lenovolegion_5_pro-16ach6h_firmwareRange<gkcn51ww
AND
lenovolegion_5_pro-16ach6hMatch-
Node
lenovolegion_5_pro-16ith6_firmwareRange<h1cn46ww
AND
lenovolegion_5_pro-16ith6Match-
Node
lenovolegion_5_pro-16ith6h_firmwareRange<h1cn46ww
AND
lenovolegion_5_pro-16ith6hMatch-
Node
lenovolegion_5-15ach6_firmwareRange<hhcn25ww
AND
lenovolegion_5-15ach6Match-
Node
lenovolegion_5-15ach6a_firmwareRange<g9cn28ww
AND
lenovolegion_5-15ach6aMatch-
Node
lenovolegion_5-15ach6h_firmwareRange<gkcn51ww
AND
lenovolegion_5-15ach6hMatch-
Node
lenovolegion_5-15imh6_firmwareRange<g8cn19ww
AND
lenovolegion_5-15imh6Match-
Node
lenovolegion_5-15ith6_firmwareRange<h1cn46ww
AND
lenovolegion_5-15ith6Match-
Node
lenovolegion_5-15ith6h_firmwareRange<h1cn46ww
AND
lenovolegion_5-15ith6hMatch-
Node
lenovolegion_5-17ach6_firmwareRange<hhcn25ww
AND
lenovolegion_5-17ach6Match-
Node
lenovolegion_5-17ach6h_firmwareRange<gkcn51ww
AND
lenovolegion_5-17ach6hMatch-
Node
lenovolegion_5-17ith6_firmwareRange<h1cn46ww
AND
lenovolegion_5-17ith6Match-
Node
lenovolegion_5-17ith6h_firmwareRange<h1cn46ww
AND
lenovolegion_5-17ith6hMatch-
Node
lenovolegion_7-16achg6_firmwareRange<gkcn51ww
AND
lenovolegion_7-16achg6Match-
Node
lenovolegion_7-16ithg6_firmwareRange<gkcn51ww
AND
lenovolegion_7-16ithg6Match-
Node
lenovolegion_s7-15ach6_firmwareRange<hacn35ww
AND
lenovolegion_s7-15ach6Match-
Node
lenovolegion_y540-15irh_firmwareRange<bhcn44ww
AND
lenovolegion_y540-15irhMatch-
Node
lenovolegion_y540-15irh-pg0_firmwareRange<bhcn44ww
AND
lenovolegion_y540-15irh-pg0Match-
Node
lenovolegion_y540-17irh_firmwareRange<bhcn44ww
AND
lenovolegion_y540-17irhMatch-
Node
lenovolegion_y540-17irh-pg0_firmwareRange<bhcn44ww
AND
lenovolegion_y540-17irh-pg0Match-
Node
lenovolegion_y545_firmwareRange<bhcn44ww
AND
lenovolegion_y545Match-
Node
lenovolegion_y545-pg0_firmwareRange<bhcn44ww
AND
lenovolegion_y545-pg0Match-
Node
lenovolegion_y7000-2019_firmwareRange<bhcn44ww
AND
lenovolegion_y7000-2019Match-
Node
lenovolegion_y7000-2019-pg0_firmwareRange<bhcn44ww
AND
lenovolegion_y7000-2019-pg0Match-
Node
lenovos14_g2_itl_firmwareRange<ggcn33ww
AND
lenovos14_g2_itlMatch-
Node
lenovos145-14api_firmwareRange<bucn31ww
AND
lenovos145-14apiMatch-
Node
lenovos145-14ast_firmwareRange<aycn26ww
AND
lenovos145-14astMatch-
Node
lenovos145-14igm_firmwareRange<awcn28ww
AND
lenovos145-14igmMatch-
Node
lenovos145-14iil_firmwareRange<dkcn54ww
AND
lenovos145-14iilMatch-
Node
lenovos145-15api_firmwareRange<bucn31ww
AND
lenovos145-15apiMatch-
Node
lenovos145-15ast_firmwareRange<aycn26ww
AND
lenovos145-15astMatch-
Node
lenovos145-15igm_firmwareRange<awcn28ww
AND
lenovos145-15igmMatch-
Node
lenovos145-15iil_firmwareRange<dkcn54ww
AND
lenovos145-15iilMatch-
Node
lenovos540-13api_firmwareRange<cxcn34ww
AND
lenovos540-13apiMatch-
Node
lenovos540-13iml_firmwareMatch-
AND
lenovos540-13imlMatch-
Node
lenovoslim_7_pro-14ihu5_firmwareMatch-
AND
lenovoslim_7_pro-14ihu5Match-
Node
lenovoslim_9-14itl05_firmwareMatch-
AND
lenovoslim_9-14itl05Match-
Node
lenovov14_g1-iml_firmwareRange<dxcn41ww
AND
lenovov14_g1-imlMatch-
Node
lenovov14_g2-acl_firmwareRange<glcn43ww
AND
lenovov14_g2-aclMatch-
Node
lenovov14_g2-itl_firmwareRange<ggcn33ww
AND
lenovov14_g2-itlMatch-
Node
lenovov14-ada_firmwareRange<e8cn33ww
AND
lenovov14-adaMatch-
Node
lenovov14-are_firmwareRange<dzcn42ww
AND
lenovov14-areMatch-
Node
lenovov14-igl_firmwareRange<dvcn23ww
AND
lenovov14-iglMatch-
Node
lenovov14-iil_firmwareRange<dkcn54ww
AND
lenovov14-iilMatch-
Node
lenovov140-15iwl_firmwareRange<atcn46ww
AND
lenovov140-15iwlMatch-
Node
lenovov15_g1-iml_firmwareRange<dxcn41ww
AND
lenovov15_g1-imlMatch-
Node
lenovov15_g2-alc_firmwareRange<glcn43ww
AND
lenovov15_g2-alcMatch-
Node
lenovov15_g2-itl_firmwareRange<ggcn33ww
AND
lenovov15_g2-itlMatch-
Node
lenovov15-ada_firmwareRange<e8cn33ww
AND
lenovov15-adaMatch-
Node
lenovov15-igl_firmwareRange<dvcn23ww
AND
lenovov15-iglMatch-
Node
lenovov15-iil_firmwareRange<dkcn54ww
AND
lenovov15-iilMatch-
Node
lenovov17_g2-itl_firmwareRange<ggcn33ww
AND
lenovov17_g2-itlMatch-
Node
lenovov17-iil_firmwareRange<emcn52ww
AND
lenovov17-iilMatch-
Node
lenovov340-17iwl_firmwareRange<atcn46ww
AND
lenovov340-17iwlMatch-
Node
lenovoyoga_7-14acn6_firmwareRange<h9cn26ww
AND
lenovoyoga_7-14acn6Match-
Node
lenovoyoga_c740-14iml_firmwareRange<bncn44ww
AND
lenovoyoga_c740-14imlMatch-
Node
lenovoyoga_c740-15iml_firmwareRange<bncn44ww
AND
lenovoyoga_c740-15imlMatch-
Node
lenovoyoga_c940-14iil_firmwareMatch-
AND
lenovoyoga_c940-14iilMatch-
Node
lenovoyoga_slim_7_pro-14ach5_d_firmwareRange<hecn24ww
AND
lenovoyoga_slim_7_pro-14ach5_dMatch-
Node
lenovoyoga_slim_7_pro-14ach5_firmwareRange<gzcn27ww
AND
lenovoyoga_slim_7_pro-14ach5Match-
Node
lenovoyoga_slim_7_pro-14ach5_o_firmwareRange<gzcn27ww
AND
lenovoyoga_slim_7_pro-14ach5_oMatch-
Node
lenovoyoga_slim_7_pro-14ach5_od_firmwareRange<hecn24ww
AND
lenovoyoga_slim_7_pro-14ach5_odMatch-
Node
lenovoyoga_slim_7_pro-14arh5_firmwareRange<g7cn21ww
AND
lenovoyoga_slim_7_pro-14arh5Match-
Node
lenovoyoga_slim_7_pro-14ihu5_firmwareMatch-
AND
lenovoyoga_slim_7_pro-14ihu5Match-
Node
lenovoyoga_slim_7_pro-14ihu5_o_firmwareMatch-
AND
lenovoyoga_slim_7_pro-14ihu5_oMatch-
Node
lenovoyoga_slim_7_pro-14itl5_firmwareMatch-
AND
lenovoyoga_slim_7_pro-14itl5Match-
Node
lenovoyoga_slim_9-14itl05_firmwareMatch-
AND
lenovoyoga_slim_9-14itl05Match-
Node
lenovoideapad_3-14iil05_firmwareRange<dvcn23ww
AND
lenovoideapad_3-14iil05Match-
Node
lenovoideapad_3-14igl05_firmwareRange<emcn52ww
AND
lenovoideapad_3-14igl05Match-
Node
lenovoideapad_3-14iml05_firmwareRange<dxcn41ww
AND
lenovoideapad_3-14iml05Match-
Node
lenovoideapad_3-14itl05_firmwareRange<gccn26ww
AND
lenovoideapad_3-14itl05Match-
Node
lenovoideapad_3-14itl6_firmwareRange<ggcn33ww
AND
lenovoideapad_3-14itl6Match-
Node
lenovoideapad_3-15iil05_firmwareRange<emcn52ww
AND
lenovoideapad_3-15iil05Match-
Node
lenovoideapad_3-15iml05_firmwareRange<dxcn41ww
AND
lenovoideapad_3-15iml05Match-
Node
lenovoideapad_3-15itl05_firmwareRange<gccn26ww
AND
lenovoideapad_3-15itl05Match-
Node
lenovoideapad_3-15itl6_firmwareRange<ggcn33ww
AND
lenovoideapad_3-15itl6Match-
Node
lenovoideapad_3-17iml05_firmwareRange<dxcn41ww
AND
lenovoideapad_3-17iml05Match-
Node
lenovoideapad_5-15are05_firmwareRange<e7cn44ww
AND
lenovoideapad_5-15are05Match-
Node
lenovoideapad_5-15iil05_firmwareRange<dpcn54ww
AND
lenovoideapad_5-15iil05Match-
Node
lenovoideapad_creator_5-15imh05_firmwareRange<egcn36ww
AND
lenovoideapad_creator_5-15imh05Match-
Node
lenovoideapad_gaming_3-15arh05_firmwareRange<fccn17ww
AND
lenovoideapad_gaming_3-15arh05Match-
Node
lenovoideapad_gaming_3-15imh05_firmwareRange<egcn36ww
AND
lenovoideapad_gaming_3-15imh05Match-

CNA Affected

[
  {
    "product": "Notebook BIOS",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

Social References

More

Related

nvd 1
cvelist 1
prion 1
thn 3
malwarebytes 1
nvd
nvd
CVE-2021-3970
2022-04-22 21:15:09
cvelist
cvelist
CVE-2021-3970
2022-04-22 20:30:37
prion
prion
Input validation
2022-04-22 21:15:00
thn
thn
New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops
2022-04-19 12:31:00
New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook Models
2022-07-13 11:47:00
New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models
2022-11-10 06:36:00
malwarebytes
malwarebytes
Lenovo issues fixes for laptop backdoors
2022-04-21 15:11:05

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for CVE-2021-3970
nvd1cvelist1prion1thn3malwarebytes1