CVE-2021-3972

MEDIUM

Lenovo Notebook BIOS - Privilege Escalation

Title source: llm

Description

A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Exploits (1)

nomisec WORKING POC 4 stars

by killvxk · poc

https://github.com/killvxk/CVE-2021-3972

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://support.lenovo.com/us/en/product_security/LEN-73440

Scores

CVSS v3 6.7

EPSS 0.0321

EPSS Percentile 87.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-489

Status published

Products (50)

lenovo/ideapad_3-14ada05_firmware < e8cn33ww

lenovo/ideapad_3-14ada6_firmware < hbcn21ww

lenovo/ideapad_3-14alc6_firmware < glcn43ww

lenovo/ideapad_3-14are05_firmware < dzcn42ww

lenovo/ideapad_3-14igl05_firmware < emcn52ww

lenovo/ideapad_3-14iil05_firmware < dvcn23ww

lenovo/ideapad_3-14iml05_firmware < dxcn41ww

lenovo/ideapad_3-14itl05_firmware < gccn26ww

lenovo/ideapad_3-14itl6_firmware < ggcn33ww

lenovo/ideapad_3-15ada05_firmware < e8cn33ww

... and 40 more

Published Apr 22, 2022

Tracked Since Feb 18, 2026