CVE-2021-3971

MEDIUM

Lenovo Notebook < - Privilege Escalation

Title source: llm

Description

A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable.

References (1)

[Vendor Advisory] https://support.lenovo.com/us/en/product_security/LEN-73440

Scores

CVSS v3 6.7

EPSS 0.0080

EPSS Percentile 74.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-489

Status published

Products (50)

lenovo/ideapad_3-14ada05_firmware < e8cn33ww

lenovo/ideapad_3-14ada6_firmware < hbcn21ww

lenovo/ideapad_3-14alc6_firmware < glcn43ww

lenovo/ideapad_3-14are05_firmware < dzcn42ww

lenovo/ideapad_3-14igl05_firmware < emcn52ww

lenovo/ideapad_3-14iil05_firmware < dvcn23ww

lenovo/ideapad_3-15ada05_firmware < e8cn33ww

lenovo/ideapad_3-15ada6_firmware < hbcn21ww

lenovo/ideapad_3-15alc6_firmware < glcn43ww

lenovo/ideapad_3-15are05_firmware < dzcn42ww

... and 40 more

Published Apr 22, 2022

Tracked Since Feb 18, 2026