Risk | Low |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2021-3970 CVE-2021-3971 CVE-2021-3972 |
CWE-ID | CWE-20 CWE-264 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Hardware solutions / Firmware: IdeaPad 3 15ADA05, IdeaPad 3-14ADA05, IdeaPad 3-14ADA6, IdeaPad 3-14ALC6, IdeaPad 3-14ARE05, IdeaPad 3-15ADA6, IdeaPad 3-15ALC6, IdeaPad 3-15ARE05, IdeaPad 3-15IGL05, IdeaPad 3-17ADA05, IdeaPad 3-17ADA6, IdeaPad 3-17ALC6, IdeaPad 3-17ARE05, IdeaPad 3-17IIL05, ideapad L3-15ITL6, ideapad L340-15IRH Gaming, ideapad L340-15IWL, ideapad L340-15IWL Touch, ideapad L340-17IRH Gaming, ideapad L340-17IWL, Lenovo Legion 5 Pro-16ACH6, Lenovo Legion 5 Pro-16ACH6H, Lenovo Legion 5 Pro-16ITH6, Lenovo Legion 5 Pro-16ITH6H, Lenovo Legion 5-15ACH6, Lenovo Legion 5-15ACH6A, Lenovo Legion 5-15ACH6H, Lenovo Legion 5-15ITH6, Lenovo Legion 5-15ITH6H, Lenovo Legion 5-17ACH6, Lenovo Legion 5-17ACH6H, Lenovo Legion 5-17ITH6, Lenovo Legion 5-17ITH6H, Lenovo Legion 7-16ACHg6, Lenovo Legion 7-16ITHg6, Lenovo Legion S7-15ACH6, Lenovo Legion Y540-15IRH, Lenovo Legion Y540-15IRH-PG0, Lenovo Legion Y540-17IRH, Lenovo Legion Y540-17IRH-PG0, Lenovo Legion Y545, Lenovo Legion Y545-PG0, Lenovo Legion Y7000-2019, Lenovo Legion Y7000-2019-PG0, ideapad S145-14API, ideapad S145-14AST, ideapad S145-14IGM, ideapad S145-14IIL, ideapad S145-15API, ideapad S145-15AST, ideapad S145-15IGM, ideapad S145-15IIL, ideapad S540-13API, Lenovo V14 G2-ALC, Lenovo V14-ADA, Lenovo V14-ARE, Lenovo V14-IGL, Lenovo V14-IIL, V140-15IWL, Lenovo V15 G2-ALC, Lenovo V15-ADA, Lenovo V15-IGL, Lenovo V15-IIL, Lenovo V17-IIL, Lenovo V340-17IWL, Yoga Slim 7 Pro-14ACH5 D, Yoga Slim 7 Pro-14ACH5 OD, ideapad Yoga Slim 7 Pro-14ARH5, ideapad 3-14IGL05, ideapad 3-14IIL05, ideapad 3-15IIL05, ideapad 5-15ARE05, ideapad Creator 5-15IMH05, ideapad Gaming 3-15ARH05, ideapad Gaming 3-15IMH05 |
Vendor |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU62364
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3970
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in the LenovoVariable SMI Handler. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.
Install updates from the vendor's website.
Vulnerable software versions
IdeaPad 3 15ADA05: before E8CN33WW
IdeaPad 3-14ADA05: before E8CN33WW
IdeaPad 3-14ADA6: before HBCN21WW
IdeaPad 3-14ALC6: before GLCN43WW
IdeaPad 3-14ARE05: before DZCN42WW
IdeaPad 3-15ADA6: before HBCN21WW
IdeaPad 3-15ALC6: before GLCN43WW
IdeaPad 3-15ARE05: before DZCN42WW
IdeaPad 3-15IGL05: before DVCN23WW
IdeaPad 3-17ADA05: before E8CN33WW
IdeaPad 3-17ADA6: before HBCN21WW
IdeaPad 3-17ALC6: before GLCN43WW
IdeaPad 3-17ARE05: before DZCN42WW
IdeaPad 3-17IIL05: before EMCN52WW
ideapad L3-15ITL6: before GFCN23WW
ideapad L340-15IRH Gaming: before BGCN35WW
ideapad L340-15IWL: before ATCN46WW
ideapad L340-15IWL Touch: before ATCN46WW
ideapad L340-17IRH Gaming: before BGCN35WW
ideapad L340-17IWL: before ATCN46WW
Lenovo Legion 5 Pro-16ACH6: before HHCN25WW
Lenovo Legion 5 Pro-16ACH6H: before GKCN51WW
Lenovo Legion 5 Pro-16ITH6: before H1CN46WW
Lenovo Legion 5 Pro-16ITH6H: before H1CN46WW
Lenovo Legion 5-15ACH6: before HHCN25WW
Lenovo Legion 5-15ACH6A: before G9CN28WW
Lenovo Legion 5-15ACH6H: before GKCN51WW
Lenovo Legion 5-15ITH6: before H1CN46WW
Lenovo Legion 5-15ITH6H: before H1CN46WW
Lenovo Legion 5-17ACH6: before HHCN25WW
Lenovo Legion 5-17ACH6H: before GKCN51WW
Lenovo Legion 5-17ITH6: before H1CN46WW
Lenovo Legion 5-17ITH6H: before H1CN46WW
Lenovo Legion 7-16ACHg6: before GKCN51WW
Lenovo Legion 7-16ITHg6: before H1CN46WW
Lenovo Legion S7-15ACH6: before HACN35WW
Lenovo Legion Y540-15IRH: before BHCN44WW
Lenovo Legion Y540-15IRH-PG0: before BHCN44WW
Lenovo Legion Y540-17IRH: before BHCN44WW
Lenovo Legion Y540-17IRH-PG0: before BHCN44WW
Lenovo Legion Y545: before BHCN44WW
Lenovo Legion Y545-PG0: before BHCN44WW
Lenovo Legion Y7000-2019: before BHCN44WW
Lenovo Legion Y7000-2019-PG0: before BHCN44WW
ideapad S145-14API: before BUCN31WW
ideapad S145-14AST: before AYCN26WW
ideapad S145-14IGM: before AWCN28WW
ideapad S145-14IIL: before DKCN54WW
ideapad S145-15API: before BUCN31WW
ideapad S145-15AST: before AYCN26WW
ideapad S145-15IGM: before AWCN28WW
ideapad S145-15IIL: before DKCN54WW
ideapad S540-13API: before CXCN34WW
Lenovo V14 G2-ALC: before GLCN43WW
Lenovo V14-ADA: before E8CN33WW
Lenovo V14-ARE: before DZCN42WW
Lenovo V14-IGL: before DVCN23WW
Lenovo V14-IIL: before DKCN54WW
V140-15IWL: before ATCN46WW
Lenovo V15 G2-ALC: before GLCN43WW
Lenovo V15-ADA: before E8CN33WW
Lenovo V15-IGL: before DVCN23WW
Lenovo V15-IIL: before DKCN54WW
Lenovo V17-IIL: before EMCN52WW
Lenovo V340-17IWL: before ATCN46WW
Yoga Slim 7 Pro-14ACH5 D: before HECN24WW
Yoga Slim 7 Pro-14ACH5 OD: before HECN24WW
ideapad Yoga Slim 7 Pro-14ARH5: before G7CN21WW
ideapad 3-14IGL05: before DVCN23WW
ideapad 3-14IIL05: before EMCN52WW
ideapad 3-15IIL05: before EMCN52WW
ideapad 5-15ARE05: before E7CN44WW
ideapad Creator 5-15IMH05: before EGCN36WW
ideapad Gaming 3-15ARH05: before FCCN17WW
ideapad Gaming 3-15IMH05: before EGCN36WW
External links
http://support.lenovo.com/lu/uk/product_security/LEN-73440
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62365
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3971
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a driver used during older manufacturing processes that was mistakenly included in the BIOS image. A local privileged user can modify the firmware protection region by changing an NVRAM variable and bypass implemented security restrictions.
Install updates from the vendor's website.
Vulnerable software versions
IdeaPad 3 15ADA05: before E8CN33WW
IdeaPad 3-14ADA05: before E8CN33WW
IdeaPad 3-14ADA6: before HBCN21WW
IdeaPad 3-14ALC6: before GLCN43WW
IdeaPad 3-14ARE05: before DZCN42WW
IdeaPad 3-15ADA6: before HBCN21WW
IdeaPad 3-15ALC6: before GLCN43WW
IdeaPad 3-15ARE05: before DZCN42WW
IdeaPad 3-15IGL05: before DVCN23WW
IdeaPad 3-17ADA05: before E8CN33WW
IdeaPad 3-17ADA6: before HBCN21WW
IdeaPad 3-17ALC6: before GLCN43WW
IdeaPad 3-17ARE05: before DZCN42WW
IdeaPad 3-17IIL05: before EMCN52WW
ideapad L3-15ITL6: before GFCN23WW
ideapad L340-15IRH Gaming: before BGCN35WW
ideapad L340-15IWL: before ATCN46WW
ideapad L340-15IWL Touch: before ATCN46WW
ideapad L340-17IRH Gaming: before BGCN35WW
ideapad L340-17IWL: before ATCN46WW
Lenovo Legion 5 Pro-16ACH6: before HHCN25WW
Lenovo Legion 5 Pro-16ACH6H: before GKCN51WW
Lenovo Legion 5 Pro-16ITH6: before H1CN46WW
Lenovo Legion 5 Pro-16ITH6H: before H1CN46WW
Lenovo Legion 5-15ACH6: before HHCN25WW
Lenovo Legion 5-15ACH6A: before G9CN28WW
Lenovo Legion 5-15ACH6H: before GKCN51WW
Lenovo Legion 5-15ITH6: before H1CN46WW
Lenovo Legion 5-15ITH6H: before H1CN46WW
Lenovo Legion 5-17ACH6: before HHCN25WW
Lenovo Legion 5-17ACH6H: before GKCN51WW
Lenovo Legion 5-17ITH6: before H1CN46WW
Lenovo Legion 5-17ITH6H: before H1CN46WW
Lenovo Legion 7-16ACHg6: before GKCN51WW
Lenovo Legion 7-16ITHg6: before H1CN46WW
Lenovo Legion Y540-15IRH: before BHCN44WW
Lenovo Legion Y540-15IRH-PG0: before BHCN44WW
Lenovo Legion Y540-17IRH: before BHCN44WW
Lenovo Legion Y540-17IRH-PG0: before BHCN44WW
Lenovo Legion Y545: before BHCN44WW
Lenovo Legion Y545-PG0: before BHCN44WW
Lenovo Legion Y7000-2019: before BHCN44WW
Lenovo Legion Y7000-2019-PG0: before BHCN44WW
ideapad S145-14API: before BUCN31WW
ideapad S145-14AST: before AYCN26WW
ideapad S145-14IGM: before AWCN28WW
ideapad S145-14IIL: before DKCN54WW
ideapad S145-15API: before BUCN31WW
ideapad S145-15AST: before AYCN26WW
ideapad S145-15IGM: before AWCN28WW
ideapad S145-15IIL: before DKCN54WW
ideapad S540-13API: before CXCN34WW
Lenovo V14 G2-ALC: before GLCN43WW
Lenovo V14-ADA: before E8CN33WW
Lenovo V14-ARE: before DZCN42WW
Lenovo V14-IGL: before DVCN23WW
Lenovo V14-IIL: before DKCN54WW
V140-15IWL: before ATCN46WW
Lenovo V15 G2-ALC: before GLCN43WW
Lenovo V15-ADA: before E8CN33WW
Lenovo V15-IGL: before DVCN23WW
Lenovo V15-IIL: before DKCN54WW
Lenovo V17-IIL: before EMCN52WW
Lenovo V340-17IWL: before ATCN46WW
Yoga Slim 7 Pro-14ACH5 D: before HECN24WW
Yoga Slim 7 Pro-14ACH5 OD: before HECN24WW
ideapad 3-14IGL05: before DVCN23WW
ideapad 3-14IIL05: before EMCN52WW
ideapad 3-15IIL05: before EMCN52WW
ideapad 5-15ARE05: before E7CN44WW
ideapad Creator 5-15IMH05: before EGCN36WW
ideapad Gaming 3-15ARH05: before FCCN17WW
ideapad Gaming 3-15IMH05: before EGCN36WW
External links
http://support.lenovo.com/lu/uk/product_security/LEN-73440
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62366
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3972
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a driver used during the manufacturing process that was mistakenly not deactivated. A local privileged user can modify the Secure Boot setting by modifying an NVRAM variable and bypass implemented security restrictions.
Install updates from the vendor's website.
Vulnerable software versions
IdeaPad 3 15ADA05: before E8CN33WW
IdeaPad 3-14ADA05: before E8CN33WW
IdeaPad 3-14ADA6: before HBCN21WW
IdeaPad 3-14ALC6: before GLCN43WW
IdeaPad 3-14ARE05: before DZCN42WW
IdeaPad 3-15ADA6: before HBCN21WW
IdeaPad 3-15ALC6: before GLCN43WW
IdeaPad 3-15ARE05: before DZCN42WW
IdeaPad 3-15IGL05: before DVCN23WW
IdeaPad 3-17ADA05: before E8CN33WW
IdeaPad 3-17ADA6: before HBCN21WW
IdeaPad 3-17ALC6: before GLCN43WW
IdeaPad 3-17ARE05: before DZCN42WW
IdeaPad 3-17IIL05: before EMCN52WW
ideapad L3-15ITL6: before GFCN23WW
ideapad L340-15IRH Gaming: before BGCN35WW
ideapad L340-15IWL: before ATCN46WW
ideapad L340-15IWL Touch: before ATCN46WW
ideapad L340-17IRH Gaming: before BGCN35WW
ideapad L340-17IWL: before ATCN46WW
Lenovo Legion 5 Pro-16ACH6: before HHCN25WW
Lenovo Legion 5 Pro-16ACH6H: before GKCN51WW
Lenovo Legion 5 Pro-16ITH6: before H1CN46WW
Lenovo Legion 5 Pro-16ITH6H: before H1CN46WW
Lenovo Legion 5-15ACH6: before HHCN25WW
Lenovo Legion 5-15ACH6A: before G9CN28WW
Lenovo Legion 5-15ACH6H: before GKCN51WW
Lenovo Legion 5-15ITH6: before H1CN46WW
Lenovo Legion 5-15ITH6H: before H1CN46WW
Lenovo Legion 5-17ACH6: before HHCN25WW
Lenovo Legion 5-17ACH6H: before GKCN51WW
Lenovo Legion 5-17ITH6: before H1CN46WW
Lenovo Legion 5-17ITH6H: before H1CN46WW
Lenovo Legion 7-16ACHg6: before GKCN51WW
Lenovo Legion 7-16ITHg6: before H1CN46WW
Lenovo Legion S7-15ACH6: before HACN35WW
Lenovo Legion Y540-15IRH: before BHCN44WW
Lenovo Legion Y540-15IRH-PG0: before BHCN44WW
Lenovo Legion Y540-17IRH: before BHCN44WW
Lenovo Legion Y540-17IRH-PG0: before BHCN44WW
Lenovo Legion Y545: before BHCN44WW
Lenovo Legion Y545-PG0: before BHCN44WW
Lenovo Legion Y7000-2019: before BHCN44WW
Lenovo Legion Y7000-2019-PG0: before BHCN44WW
ideapad S145-14API: before BUCN31WW
ideapad S145-14AST: before AYCN26WW
ideapad S145-14IGM: before AWCN28WW
ideapad S145-14IIL: before DKCN54WW
ideapad S145-15API: before BUCN31WW
ideapad S145-15AST: before AYCN26WW
ideapad S145-15IGM: before AWCN28WW
ideapad S145-15IIL: before DKCN54WW
ideapad S540-13API: before CXCN34WW
Lenovo V14 G2-ALC: before GLCN43WW
Lenovo V14-ADA: before E8CN33WW
Lenovo V14-ARE: before DZCN42WW
Lenovo V14-IGL: before DVCN23WW
Lenovo V14-IIL: before DKCN54WW
V140-15IWL: before ATCN46WW
Lenovo V15 G2-ALC: before GLCN43WW
Lenovo V15-ADA: before E8CN33WW
Lenovo V15-IGL: before DVCN23WW
Lenovo V15-IIL: before DKCN54WW
Lenovo V17-IIL: before EMCN52WW
Lenovo V340-17IWL: before ATCN46WW
Yoga Slim 7 Pro-14ACH5 D: before HECN24WW
Yoga Slim 7 Pro-14ACH5 OD: before HECN24WW
ideapad Yoga Slim 7 Pro-14ARH5: before G7CN21WW
ideapad 3-14IGL05: before DVCN23WW
ideapad 3-14IIL05: before EMCN52WW
ideapad 3-15IIL05: before EMCN52WW
ideapad 5-15ARE05: before E7CN44WW
ideapad Creator 5-15IMH05: before EGCN36WW
ideapad Gaming 3-15ARH05: before FCCN17WW
ideapad Gaming 3-15IMH05: before EGCN36WW
External links
http://support.lenovo.com/lu/uk/product_security/LEN-73440
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.