CVE-2021-3970

CWE-20Improper Input Validation3 documents3 sources
Severity
6.7MEDIUM
EPSS
0.4%
top 41.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
98
Lenovo Ideapad 3-14ada05 FirmwareLenovo Ideapad 3-14ada6 FirmwareLenovo Ideapad 3-14alc6 Firmware+95 more
Timeline
PublishedApr 22
Latest updateApr 23

Description

A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages98 packages

CVEListV5lenovo/notebook_biosvarious
NVDlenovo/v14-ada_firmware< e8cn33ww
NVDlenovo/v14-are_firmware< dzcn42ww
NVDlenovo/v14-igl_firmware< dvcn23ww
NVDlenovo/v14-iil_firmware< dkcn54ww

🔴Vulnerability Details

2
GHSA
GHSA-2g3v-5cpr-rx7q: A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with2022-04-23
CVEList
CVE-2021-3970: A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with2022-04-22