CVE-2021-3972

MEDIUM

Lenovo Notebook BIOS - Privilege Escalation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-3972. PoCs published by killvxk.

AI-analyzed exploit summary: The repository contains a functional proof-of-concept exploit for CVE-2021-3972, which manipulates UEFI firmware variables to disable Secure Boot and enable legacy boot modes. The code uses `SetFirmwareEnvironmentVariableEx` to modify specific UEFI variables, demonstrating the vulnerability.

Description

A potential vulnerability in a driver used during the manufacturing process on some consumer Lenovo Notebook devices' BIOS, which was mistakenly not deactivated, may allow an attacker with elevated privileges to modify the Secure Boot setting by modifying an NVRAM variable.

Exploits (1)

nomisec WORKING POC 4 stars
by killvxk · poc
https://github.com/killvxk/CVE-2021-3972

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: Windows systems with vulnerable UEFI firmware
Auth required
Prerequisites: Administrative privileges on the target system
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3: 6.7
EPSS: 0.0292
EPSS Percentile: 85.2%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-489
Status: published
Products (50):
lenovo/ideapad_3-14ada05_firmware < e8cn33ww
lenovo/ideapad_3-14ada6_firmware < hbcn21ww
lenovo/ideapad_3-14alc6_firmware < glcn43ww
lenovo/ideapad_3-14are05_firmware < dzcn42ww
lenovo/ideapad_3-14igl05_firmware < emcn52ww
lenovo/ideapad_3-14iil05_firmware < dvcn23ww
lenovo/ideapad_3-14iml05_firmware < dxcn41ww
lenovo/ideapad_3-14itl05_firmware < gccn26ww
lenovo/ideapad_3-14itl6_firmware < ggcn33ww
lenovo/ideapad_3-15ada05_firmware < e8cn33ww
... and 40 more
Published Apr 22, 2022
Tracked Since Feb 18, 2026