CVE-2021-3970: A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local…

medium6.7CVSS 3.1

AVLACLPRHUINSUCHIHAH

A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected

98 ranges· showing 25

Vendor	Product	Version range	Fixed in
lenovo	ideapad_3-14ada05_firmware	< e8cn33ww	e8cn33ww
lenovo	ideapad_3-14ada6_firmware	< hbcn21ww	hbcn21ww
lenovo	ideapad_3-14alc6_firmware	< glcn43ww	glcn43ww
lenovo	ideapad_3-14are05_firmware	< dzcn42ww	dzcn42ww
lenovo	ideapad_3-14igl05_firmware	< emcn52ww	emcn52ww
lenovo	ideapad_3-14iil05_firmware	< dvcn23ww	dvcn23ww
lenovo	ideapad_3-14iml05_firmware	< dxcn41ww	dxcn41ww
lenovo	ideapad_3-14itl05_firmware	< gccn26ww	gccn26ww
lenovo	ideapad_3-14itl6_firmware	< ggcn33ww	ggcn33ww
lenovo	ideapad_3-15ada05_firmware	< e8cn33ww	e8cn33ww
lenovo	ideapad_3-15ada6_firmware	< hbcn21ww	hbcn21ww
lenovo	ideapad_3-15alc6_firmware	< glcn43ww	glcn43ww
lenovo	ideapad_3-15are05_firmware	< dzcn42ww	dzcn42ww
lenovo	ideapad_3-15igl05_firmware	< dvcn23ww	dvcn23ww
lenovo	ideapad_3-15iil05_firmware	< emcn52ww	emcn52ww
lenovo	ideapad_3-15iml05_firmware	< dxcn41ww	dxcn41ww
lenovo	ideapad_3-15itl05_firmware	< gccn26ww	gccn26ww
lenovo	ideapad_3-15itl6_firmware	< ggcn33ww	ggcn33ww
lenovo	ideapad_3-17ada05_firmware	< e8cn33ww	e8cn33ww
lenovo	ideapad_3-17ada6_firmware	< hbcn21ww	hbcn21ww
lenovo	ideapad_3-17alc6_firmware	< glcn43ww	glcn43ww
lenovo	ideapad_3-17are05_firmware	< dzcn42ww	dzcn42ww
lenovo	ideapad_3-17iil05_firmware	< emcn52ww	emcn52ww
lenovo	ideapad_3-17iml05_firmware	< dxcn41ww	dxcn41ww
lenovo	ideapad_3-17itl6_firmware	< ggcn33ww	ggcn33ww