Vulnerability Description
A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Ideapad 3-14Ada05 Firmware | < e8cn33ww |
| Lenovo | Ideapad 3-14Ada05 | - |
| Lenovo | Ideapad 3-14Ada6 Firmware | < hbcn21ww |
| Lenovo | Ideapad 3-14Ada6 | - |
| Lenovo | Ideapad 3-14Alc6 Firmware | < glcn43ww |
| Lenovo | Ideapad 3-14Alc6 | - |
| Lenovo | Ideapad 3-14Are05 Firmware | < dzcn42ww |
| Lenovo | Ideapad 3-14Are05 | - |
| Lenovo | Ideapad 3-15Ada6 Firmware | < hbcn21ww |
| Lenovo | Ideapad 3-15Ada6 | - |
| Lenovo | Ideapad 3-15Alc6 Firmware | < glcn43ww |
| Lenovo | Ideapad 3-15Alc6 | - |
| Lenovo | Ideapad 3-15Are05 Firmware | < dzcn42ww |
| Lenovo | Ideapad 3-15Are05 | - |
| Lenovo | Ideapad 3-15Igl05 Firmware | < dvcn23ww |
| Lenovo | Ideapad 3-15Igl05 | - |
| Lenovo | Ideapad 3-17Ada05 Firmware | < e8cn33ww |
| Lenovo | Ideapad 3-17Ada05 | - |
| Lenovo | Ideapad 3-17Ada6 Firmware | < hbcn21ww |
| Lenovo | Ideapad 3-17Ada6 | - |
Related Weaknesses (CWE)
References
- https://support.lenovo.com/us/en/product_security/LEN-73440Vendor Advisory
- https://support.lenovo.com/us/en/product_security/LEN-73440Vendor Advisory
FAQ
What is CVE-2021-3971?
CVE-2021-3971 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with ele...
How severe is CVE-2021-3971?
CVE-2021-3971 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-3971?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Ideapad 3-14Ada05 Firmware, Lenovo Ideapad 3-14Ada05, Lenovo Ideapad 3-14Ada6 Firmware, Lenovo Ideapad 3-14Ada6, Lenovo Ideapad 3-14Alc6 Firmware.