CVE-2021-3970
MEDIUMLenovo IdeaPad 3 Firmware - Authenticated Arbitrary Code Execution via LenovoVariable SMI Handler
Title source: llmDescription
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.lenovo.com/us/en/product_security/LEN-73440
Scores
CVSS v3
6.7
EPSS
0.0036
EPSS Percentile
58.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (50)
lenovo/ideapad_3-14ada05_firmware
< e8cn33ww
lenovo/ideapad_3-14ada6_firmware
< hbcn21ww
lenovo/ideapad_3-14alc6_firmware
< glcn43ww
lenovo/ideapad_3-14are05_firmware
< dzcn42ww
lenovo/ideapad_3-14igl05_firmware
< emcn52ww
lenovo/ideapad_3-14iil05_firmware
< dvcn23ww
lenovo/ideapad_3-14iml05_firmware
< dxcn41ww
lenovo/ideapad_3-14itl05_firmware
< gccn26ww
lenovo/ideapad_3-14itl6_firmware
< ggcn33ww
lenovo/ideapad_3-15ada05_firmware
< e8cn33ww
... and 40 more
Published
Apr 22, 2022
Tracked Since
Feb 18, 2026