Description
A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.lenovo.com/us/en/product_security/LEN-73440
Scores
CVSS v3
6.7
EPSS
0.0123
EPSS Percentile
64.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-489
Status
published
Products (50)
lenovo/ideapad_3-14ada05_firmware
< e8cn33ww
lenovo/ideapad_3-14ada6_firmware
< hbcn21ww
lenovo/ideapad_3-14alc6_firmware
< glcn43ww
lenovo/ideapad_3-14are05_firmware
< dzcn42ww
lenovo/ideapad_3-14igl05_firmware
< emcn52ww
lenovo/ideapad_3-14iil05_firmware
< dvcn23ww
lenovo/ideapad_3-15ada05_firmware
< e8cn33ww
lenovo/ideapad_3-15ada6_firmware
< hbcn21ww
lenovo/ideapad_3-15alc6_firmware
< glcn43ww
lenovo/ideapad_3-15are05_firmware
< dzcn42ww
... and 40 more
Published
Apr 22, 2022
Tracked Since
Feb 18, 2026