Security restrictions bypass in multiple Lenovo products



Published: 2022-04-18
Risk Low
Patch available NO
Number of vulnerabilities 1
CVE-ID CVE-2021-3972
CWE-ID CWE-264
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Lenovo Legion S7-15IMH5
Hardware solutions / Firmware

Lenovo Legion S7-15ARH5
Hardware solutions / Firmware

ideapad 5-15IIL05
Hardware solutions / Firmware

ideapad 3-17IML05
Hardware solutions / Firmware

ideapad 3-15ITL6
Hardware solutions / Firmware

ideapad 3-15ITL05
Hardware solutions / Firmware

ideapad 3-15IML05
Hardware solutions / Firmware

ideapad 3-14ITL6
Hardware solutions / Firmware

ideapad 3-14ITL05
Hardware solutions / Firmware

ideapad 3-14IML05
Hardware solutions / Firmware

ideapad Yoga Slim 9-14ITL05
Hardware solutions / Firmware

ideapad Yoga Slim 7 Pro-14ITL5
Hardware solutions / Firmware

ideapad Yoga Slim 7 Pro-14IHU5 O
Hardware solutions / Firmware

ideapad Yoga Slim 7 Pro-14IHU5
Hardware solutions / Firmware

ideapad Yoga Slim 7 Pro-14ACH5 O
Hardware solutions / Firmware

ideapad Yoga Slim 7 Pro-14ACH5
Hardware solutions / Firmware

ideapad Yoga C940-14IIL
Hardware solutions / Firmware

Lenovo Yoga C740-15IML
Hardware solutions / Firmware

Lenovo Yoga C740-14IML
Hardware solutions / Firmware

ideapad Yoga 7-14ACN6
Hardware solutions / Firmware

Lenovo V17 G2-ITL
Hardware solutions / Firmware

Lenovo V15 G2-ITL
Hardware solutions / Firmware

Lenovo V15 G1-IML
Hardware solutions / Firmware

Lenovo V14 G2-ITL
Hardware solutions / Firmware

Lenovo V14 G1-IML
Hardware solutions / Firmware

ideapad Slim 9-14ITL05
Hardware solutions / Firmware

IdeaPad Slim 7 Pro-14IHU5
Hardware solutions / Firmware

ideapad S540-13IML
Hardware solutions / Firmware

Lenovo S14 G2 ITL
Hardware solutions / Firmware

Lenovo Legion 5-15IMH6
Hardware solutions / Firmware

ideapad L3-15IML05
Hardware solutions / Firmware

IdeaPad 3-17ITL6
Hardware solutions / Firmware

ideapad Flex 3-11ADA05
Hardware solutions / Firmware

Vendor Lenovo

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Security restrictions bypass

EUVDB-ID: #VU62366

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2021-3972

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an error in driver used during manufacturing process and was mistakenly not deactivated. A local privileged user can modify secure boot setting by modifying an NVRAM variable and bypass implemented security restrictions.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Lenovo Legion S7-15IMH5: All versions

Lenovo Legion S7-15ARH5: All versions

ideapad 5-15IIL05: All versions

ideapad 3-17IML05: All versions

ideapad 3-15ITL6: All versions

ideapad 3-15ITL05: All versions

ideapad 3-15IML05: All versions

ideapad 3-14ITL6: All versions

ideapad 3-14ITL05: All versions

ideapad 3-14IML05: All versions

ideapad Yoga Slim 9-14ITL05: All versions

ideapad Yoga Slim 7 Pro-14ITL5: All versions

ideapad Yoga Slim 7 Pro-14IHU5 O: All versions

ideapad Yoga Slim 7 Pro-14IHU5: All versions

ideapad Yoga Slim 7 Pro-14ACH5 O: All versions

ideapad Yoga Slim 7 Pro-14ACH5: All versions

ideapad Yoga C940-14IIL: All versions

Lenovo Yoga C740-15IML: All versions

Lenovo Yoga C740-14IML: All versions

ideapad Yoga 7-14ACN6: All versions

Lenovo V17 G2-ITL: All versions

Lenovo V15 G2-ITL: All versions

Lenovo V15 G1-IML: All versions

Lenovo V14 G2-ITL: All versions

Lenovo V14 G1-IML: All versions

ideapad Slim 9-14ITL05: All versions

IdeaPad Slim 7 Pro-14IHU5: All versions

ideapad S540-13IML: All versions

Lenovo S14 G2 ITL: All versions

Lenovo Legion 5-15IMH6: All versions

ideapad L3-15IML05: All versions

IdeaPad 3-17ITL6: All versions

ideapad Flex 3-11ADA05: All versions

External links

http://support.lenovo.com/lu/uk/product_security/LEN-73440


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###