CVE-2021-3970

EUVD-2021-27175
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
lenovoCNA
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
lenovos540-13iml_firmware
-
lenovoslim_7_pro-14ihu5_firmware
-
lenovoslim_9-14itl05_firmware
-
lenovoyoga_c940-14iil_firmware
-
lenovoyoga_slim_7_pro-14ihu5_firmware
-
lenovoyoga_slim_7_pro-14ihu5_o_firmware
-
lenovoyoga_slim_7_pro-14itl5_firmware
-
lenovoyoga_slim_9-14itl05_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.lenovo.com/us/en/product_security/LEN-73440
https://support.lenovo.com/us/en/product_security/LEN-73440