CVE-2021-3453

MEDIUM

Lenovo Notebook, ThinkPad, and Desktop Systems - BIOS Module Protection Bypass

Title source: llm

Description

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

References (1)

[Vendor Advisory] https://support.lenovo.com/us/en/product_security/LEN-65529

Scores

CVSS v3 6.8

EPSS 0.0005

EPSS Percentile 14.6%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-693

Status published

Affected Products (21)

lenovo/thinkpad_helix_firmware

lenovo/thinkpad_t550_firmware

lenovo/thinkpad_w550s_firmware

lenovo/thinkpad_x1_carbon_3rd_gen_firmware

lenovo/thinkpad_x250_firmware

lenovo/thinkpad_yoga_15_firmware

lenovo/730s-13iml_firmware

lenovo/ideapad_1-11igl05_firmware

lenovo/ideapad_1-14igl05_firmware

lenovo/ideapad_s940-14iil_firmware

lenovo/ideapad_s940-14iwl_firmware

lenovo/ideapad_slim_1-11ast-05_firmware

lenovo/ideapad_slim_1-14ast-05_firmware

lenovo/v130-15igm_firmware

lenovo/v330-15ikb_firmware

... and 6 more

Timeline

Published Jul 16, 2021

Tracked Since Feb 18, 2026