Multiple vulnerabilities in Lenovo products

1) Input validation error

EUVDB-ID: #VU62364

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3970

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in LenovoVariable SMI Handler. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IdeaPad 3 15ADA05: before E8CN33WW

IdeaPad 3-14ADA05: before E8CN33WW

IdeaPad 3-14ADA6: before HBCN21WW

IdeaPad 3-14ALC6: before GLCN43WW

IdeaPad 3-14ARE05: before DZCN42WW

IdeaPad 3-15ADA6: before HBCN21WW

IdeaPad 3-15ALC6: before GLCN43WW

IdeaPad 3-15ARE05: before DZCN42WW

IdeaPad 3-15IGL05: before DVCN23WW

IdeaPad 3-17ADA05: before E8CN33WW

IdeaPad 3-17ADA6: before HBCN21WW

IdeaPad 3-17ALC6: before GLCN43WW

IdeaPad 3-17ARE05: before DZCN42WW

IdeaPad 3-17IIL05: before EMCN52WW

ideapad L3-15ITL6: before GFCN23WW

ideapad L340-15IRH Gaming: before BGCN35WW

ideapad L340-15IWL: before ATCN46WW

ideapad L340-15IWL Touch: before ATCN46WW

ideapad L340-17IRH Gaming: before BGCN35WW

ideapad L340-17IWL: before ATCN46WW

Lenovo Legion 5 Pro-16ACH6: before HHCN25WW

Lenovo Legion 5 Pro-16ACH6H: before GKCN51WW

Lenovo Legion 5 Pro-16ITH6: before H1CN46WW

Lenovo Legion 5 Pro-16ITH6H: before H1CN46WW

Lenovo Legion 5-15ACH6: before HHCN25WW

Lenovo Legion 5-15ACH6A: before G9CN28WW

Lenovo Legion 5-15ACH6H: before GKCN51WW

Lenovo Legion 5-15ITH6: before H1CN46WW

Lenovo Legion 5-15ITH6H: before H1CN46WW

Lenovo Legion 5-17ACH6: before HHCN25WW

Lenovo Legion 5-17ACH6H: before GKCN51WW

Lenovo Legion 5-17ITH6: before H1CN46WW

Lenovo Legion 5-17ITH6H: before H1CN46WW

Lenovo Legion 7-16ACHg6: before GKCN51WW

Lenovo Legion 7-16ITHg6: before H1CN46WW

Lenovo Legion S7-15ACH6: before HACN35WW

Lenovo Legion Y540-15IRH: before BHCN44WW

Lenovo Legion Y540-15IRH-PG0: before BHCN44WW

Lenovo Legion Y540-17IRH: before BHCN44WW

Lenovo Legion Y540-17IRH-PG0: before BHCN44WW

Lenovo Legion Y545: before BHCN44WW

Lenovo Legion Y545-PG0: before BHCN44WW

Lenovo Legion Y7000-2019: before BHCN44WW

Lenovo Legion Y7000-2019-PG0: before BHCN44WW

ideapad S145-14API: before BUCN31WW

ideapad S145-14AST: before AYCN26WW

ideapad S145-14IGM: before AWCN28WW

ideapad S145-14IIL: before DKCN54WW

ideapad S145-15API: before BUCN31WW

ideapad S145-15AST: before AYCN26WW

ideapad S145-15IGM: before AWCN28WW

ideapad S145-15IIL: before DKCN54WW

ideapad S540-13API: before CXCN34WW

Lenovo V14 G2-ALC: before GLCN43WW

Lenovo V14-ADA: before E8CN33WW

Lenovo V14-ARE: before DZCN42WW

Lenovo V14-IGL: before DVCN23WW

Lenovo V14-IIL: before DKCN54WW

V140-15IWL: before ATCN46WW

Lenovo V15 G2-ALC: before GLCN43WW

Lenovo V15-ADA: before E8CN33WW

Lenovo V15-IGL: before DVCN23WW

Lenovo V15-IIL: before DKCN54WW

Lenovo V17-IIL: before EMCN52WW

Lenovo V340-17IWL: before ATCN46WW

Yoga Slim 7 Pro-14ACH5 D: before HECN24WW

Yoga Slim 7 Pro-14ACH5 OD: before HECN24WW

ideapad Yoga Slim 7 Pro-14ARH5: before G7CN21WW

ideapad 3-14IGL05: before DVCN23WW

ideapad 3-14IIL05: before EMCN52WW

ideapad 3-15IIL05: before EMCN52WW

ideapad 5-15ARE05: before E7CN44WW

ideapad Creator 5-15IMH05: before EGCN36WW

ideapad Gaming 3-15ARH05: before FCCN17WW

ideapad Gaming 3-15IMH05: before EGCN36WW

External links

http://support.lenovo.com/lu/uk/product_security/LEN-73440

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Security restrictions bypass

EUVDB-ID: #VU62365

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3971

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an error in driver used during older manufacturing processes and was mistakenly included in the BIOS image. A local privileged user can modify firmware protection region by changing an NVRAM variable and bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IdeaPad 3 15ADA05: before E8CN33WW

IdeaPad 3-14ADA05: before E8CN33WW

IdeaPad 3-14ADA6: before HBCN21WW

IdeaPad 3-14ALC6: before GLCN43WW

IdeaPad 3-14ARE05: before DZCN42WW

IdeaPad 3-15ADA6: before HBCN21WW

IdeaPad 3-15ALC6: before GLCN43WW

IdeaPad 3-15ARE05: before DZCN42WW

IdeaPad 3-15IGL05: before DVCN23WW

IdeaPad 3-17ADA05: before E8CN33WW

IdeaPad 3-17ADA6: before HBCN21WW

IdeaPad 3-17ALC6: before GLCN43WW

IdeaPad 3-17ARE05: before DZCN42WW

IdeaPad 3-17IIL05: before EMCN52WW

ideapad L3-15ITL6: before GFCN23WW

ideapad L340-15IRH Gaming: before BGCN35WW

ideapad L340-15IWL: before ATCN46WW

ideapad L340-15IWL Touch: before ATCN46WW

ideapad L340-17IRH Gaming: before BGCN35WW

ideapad L340-17IWL: before ATCN46WW

Lenovo Legion 5 Pro-16ACH6: before HHCN25WW

Lenovo Legion 5 Pro-16ACH6H: before GKCN51WW

Lenovo Legion 5 Pro-16ITH6: before H1CN46WW

Lenovo Legion 5 Pro-16ITH6H: before H1CN46WW

Lenovo Legion 5-15ACH6: before HHCN25WW

Lenovo Legion 5-15ACH6A: before G9CN28WW

Lenovo Legion 5-15ACH6H: before GKCN51WW

Lenovo Legion 5-15ITH6: before H1CN46WW

Lenovo Legion 5-15ITH6H: before H1CN46WW

Lenovo Legion 5-17ACH6: before HHCN25WW

Lenovo Legion 5-17ACH6H: before GKCN51WW

Lenovo Legion 5-17ITH6: before H1CN46WW

Lenovo Legion 5-17ITH6H: before H1CN46WW

Lenovo Legion 7-16ACHg6: before GKCN51WW

Lenovo Legion 7-16ITHg6: before H1CN46WW

Lenovo Legion Y540-15IRH: before BHCN44WW

Lenovo Legion Y540-15IRH-PG0: before BHCN44WW

Lenovo Legion Y540-17IRH: before BHCN44WW

Lenovo Legion Y540-17IRH-PG0: before BHCN44WW

Lenovo Legion Y545: before BHCN44WW

Lenovo Legion Y545-PG0: before BHCN44WW

Lenovo Legion Y7000-2019: before BHCN44WW

Lenovo Legion Y7000-2019-PG0: before BHCN44WW

ideapad S145-14API: before BUCN31WW

ideapad S145-14AST: before AYCN26WW

ideapad S145-14IGM: before AWCN28WW

ideapad S145-14IIL: before DKCN54WW

ideapad S145-15API: before BUCN31WW

ideapad S145-15AST: before AYCN26WW

ideapad S145-15IGM: before AWCN28WW

ideapad S145-15IIL: before DKCN54WW

ideapad S540-13API: before CXCN34WW

Lenovo V14 G2-ALC: before GLCN43WW

Lenovo V14-ADA: before E8CN33WW

Lenovo V14-ARE: before DZCN42WW

Lenovo V14-IGL: before DVCN23WW

Lenovo V14-IIL: before DKCN54WW

V140-15IWL: before ATCN46WW

Lenovo V15 G2-ALC: before GLCN43WW

Lenovo V15-ADA: before E8CN33WW

Lenovo V15-IGL: before DVCN23WW

Lenovo V15-IIL: before DKCN54WW

Lenovo V17-IIL: before EMCN52WW

Lenovo V340-17IWL: before ATCN46WW

Yoga Slim 7 Pro-14ACH5 D: before HECN24WW

Yoga Slim 7 Pro-14ACH5 OD: before HECN24WW

ideapad 3-14IGL05: before DVCN23WW

ideapad 3-14IIL05: before EMCN52WW

ideapad 3-15IIL05: before EMCN52WW

ideapad 5-15ARE05: before E7CN44WW

ideapad Creator 5-15IMH05: before EGCN36WW

ideapad Gaming 3-15ARH05: before FCCN17WW

ideapad Gaming 3-15IMH05: before EGCN36WW

External links

http://support.lenovo.com/lu/uk/product_security/LEN-73440

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Security restrictions bypass

EUVDB-ID: #VU62366

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3972

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an error in driver used during manufacturing process and was mistakenly not deactivated. A local privileged user can modify secure boot setting by modifying an NVRAM variable and bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IdeaPad 3 15ADA05: before E8CN33WW

IdeaPad 3-14ADA05: before E8CN33WW

IdeaPad 3-14ADA6: before HBCN21WW

IdeaPad 3-14ALC6: before GLCN43WW

IdeaPad 3-14ARE05: before DZCN42WW

IdeaPad 3-15ADA6: before HBCN21WW

IdeaPad 3-15ALC6: before GLCN43WW

IdeaPad 3-15ARE05: before DZCN42WW

IdeaPad 3-15IGL05: before DVCN23WW

IdeaPad 3-17ADA05: before E8CN33WW

IdeaPad 3-17ADA6: before HBCN21WW

IdeaPad 3-17ALC6: before GLCN43WW

IdeaPad 3-17ARE05: before DZCN42WW

IdeaPad 3-17IIL05: before EMCN52WW

ideapad L3-15ITL6: before GFCN23WW

ideapad L340-15IRH Gaming: before BGCN35WW

ideapad L340-15IWL: before ATCN46WW

ideapad L340-15IWL Touch: before ATCN46WW

ideapad L340-17IRH Gaming: before BGCN35WW

ideapad L340-17IWL: before ATCN46WW

Lenovo Legion 5 Pro-16ACH6: before HHCN25WW

Lenovo Legion 5 Pro-16ACH6H: before GKCN51WW

Lenovo Legion 5 Pro-16ITH6: before H1CN46WW

Lenovo Legion 5 Pro-16ITH6H: before H1CN46WW

Lenovo Legion 5-15ACH6: before HHCN25WW

Lenovo Legion 5-15ACH6A: before G9CN28WW

Lenovo Legion 5-15ACH6H: before GKCN51WW

Lenovo Legion 5-15ITH6: before H1CN46WW

Lenovo Legion 5-15ITH6H: before H1CN46WW

Lenovo Legion 5-17ACH6: before HHCN25WW

Lenovo Legion 5-17ACH6H: before GKCN51WW

Lenovo Legion 5-17ITH6: before H1CN46WW

Lenovo Legion 5-17ITH6H: before H1CN46WW

Lenovo Legion 7-16ACHg6: before GKCN51WW

Lenovo Legion 7-16ITHg6: before H1CN46WW

Lenovo Legion S7-15ACH6: before HACN35WW

Lenovo Legion Y540-15IRH: before BHCN44WW

Lenovo Legion Y540-15IRH-PG0: before BHCN44WW

Lenovo Legion Y540-17IRH: before BHCN44WW

Lenovo Legion Y540-17IRH-PG0: before BHCN44WW

Lenovo Legion Y545: before BHCN44WW

Lenovo Legion Y545-PG0: before BHCN44WW

Lenovo Legion Y7000-2019: before BHCN44WW

Lenovo Legion Y7000-2019-PG0: before BHCN44WW

ideapad S145-14API: before BUCN31WW

ideapad S145-14AST: before AYCN26WW

ideapad S145-14IGM: before AWCN28WW

ideapad S145-14IIL: before DKCN54WW

ideapad S145-15API: before BUCN31WW

ideapad S145-15AST: before AYCN26WW

ideapad S145-15IGM: before AWCN28WW

ideapad S145-15IIL: before DKCN54WW

ideapad S540-13API: before CXCN34WW

Lenovo V14 G2-ALC: before GLCN43WW

Lenovo V14-ADA: before E8CN33WW

Lenovo V14-ARE: before DZCN42WW

Lenovo V14-IGL: before DVCN23WW

Lenovo V14-IIL: before DKCN54WW

V140-15IWL: before ATCN46WW

Lenovo V15 G2-ALC: before GLCN43WW

Lenovo V15-ADA: before E8CN33WW

Lenovo V15-IGL: before DVCN23WW

Lenovo V15-IIL: before DKCN54WW

Lenovo V17-IIL: before EMCN52WW

Lenovo V340-17IWL: before ATCN46WW

Yoga Slim 7 Pro-14ACH5 D: before HECN24WW

Yoga Slim 7 Pro-14ACH5 OD: before HECN24WW

ideapad Yoga Slim 7 Pro-14ARH5: before G7CN21WW

ideapad 3-14IGL05: before DVCN23WW

ideapad 3-14IIL05: before EMCN52WW

ideapad 3-15IIL05: before EMCN52WW

ideapad 5-15ARE05: before E7CN44WW

ideapad Creator 5-15IMH05: before EGCN36WW

ideapad Gaming 3-15ARH05: before FCCN17WW

ideapad Gaming 3-15IMH05: before EGCN36WW

External links

http://support.lenovo.com/lu/uk/product_security/LEN-73440

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.