CVE & CISA-KEV Catalog

CVE-2021-3971

Severity: MEDIUM, 6.7 (CVSS v3, NVD)

Description

A potential vulnerability in a driver used during older manufacturing processes on some consumer Lenovo Notebook devices, which was mistakenly included in the BIOS image, could allow an attacker with elevated privileges to modify the firmware protection region by modifying an NVRAM variable.

How to fix

Remediation Available
All entries are for CVE-2021-3971 and are derived from NVD.

| Product (firmware) | Affected | Fixed in |
|---|---|---|
| ideapad 3-14ada05 | < e8cn33ww | e8cn33ww |
| ideapad 3-14ada6 | < hbcn21ww | hbcn21ww |
| ideapad 3-14alc6 | < glcn43ww | glcn43ww |
| ideapad 3-14are05 | < dzcn42ww | dzcn42ww |
| ideapad 3-14igl05 | < emcn52ww | emcn52ww |
| ideapad 3-14iil05 | < dvcn23ww | dvcn23ww |
| ideapad 3-15ada05 | < e8cn33ww | e8cn33ww |
| ideapad 3-15ada6 | < hbcn21ww | hbcn21ww |
| ideapad 3-15alc6 | < glcn43ww | glcn43ww |
| ideapad 3-15are05 | < dzcn42ww | dzcn42ww |
| ideapad 3-15igl05 | < dvcn23ww | dvcn23ww |
| ideapad 3-15iil05 | < emcn52ww | emcn52ww |
| ideapad 3-17ada05 | < e8cn33ww | e8cn33ww |
| ideapad 3-17ada6 | < hbcn21ww | hbcn21ww |
| ideapad 3-17alc6 | < glcn43ww | glcn43ww |
| ideapad 3-17are05 | < dzcn42ww | dzcn42ww |
| ideapad 3-17iil05 | < emcn52ww | emcn52ww |
| ideapad 5-15are05 | < e7cn44ww | e7cn44ww |
| ideapad creator 5-15imh05 | < egcn36ww | egcn36ww |
| ideapad gaming 3-15arh05 | < fccn17ww | fccn17ww |
| ideapad gaming 3-15imh05 | < egcn36ww | egcn36ww |
| l3-15itl6 | < gfcn23ww | gfcn23ww |
| l340-15irh | < bgcn35ww | bgcn35ww |
| l340-15iwl | < atcn46ww | atcn46ww |
| l340-15iwl touch | < atcn46ww | atcn46ww |
| l340-17irh | < bgcn35ww | bgcn35ww |
| l340-17iwl | < atcn46ww | atcn46ww |
| legion 5-15ach6 | < hhcn25ww | hhcn25ww |
| legion 5-15ach6a | < g9cn28ww | g9cn28ww |
| legion 5-15ach6h | < gkcn51ww | gkcn51ww |
| legion 5-15ith6 | < h1cn46ww | h1cn46ww |
| legion 5-15ith6h | < h1cn46ww | h1cn46ww |
| legion 5-17ach6 | < hhcn25ww | hhcn25ww |
| legion 5-17ach6h | < gkcn51ww | gkcn51ww |
| legion 5-17ith6 | < h1cn46ww | h1cn46ww |
| legion 5-17ith6h | < h1cn46ww | h1cn46ww |
| legion 5 pro-16ach6 | < hhcn25ww | hhcn25ww |
| legion 5 pro-16ach6h | < gkcn51ww | gkcn51ww |
| legion 5 pro-16ith6 | < h1cn46ww | h1cn46ww |
| legion 5 pro-16ith6h | < h1cn46ww | h1cn46ww |
| legion 7-16achg6 | < gkcn51ww | gkcn51ww |
| legion 7-16ithg6 | < gkcn51ww | gkcn51ww |
| legion y540-15irh-pg0 | < bhcn44ww | bhcn44ww |
| legion y540-15irh | < bhcn44ww | bhcn44ww |
| legion y540-17irh-pg0 | < bhcn44ww | bhcn44ww |
| legion y540-17irh | < bhcn44ww | bhcn44ww |
| legion y545-pg0 | < bhcn44ww | bhcn44ww |
| legion y545 | < bhcn44ww | bhcn44ww |
| legion y7000-2019-pg0 | < bhcn44ww | bhcn44ww |
| legion y7000-2019 | < bhcn44ww | bhcn44ww |
| s145-14api | < bucn31ww | bucn31ww |
| s145-14ast | < aycn26ww | aycn26ww |
| s145-14igm | < awcn28ww | awcn28ww |
| s145-14iil | < dkcn54ww | dkcn54ww |
| s145-15api | < bucn31ww | bucn31ww |
| s145-15ast | < aycn26ww | aycn26ww |
| s145-15igm | < awcn28ww | awcn28ww |
| s145-15iil | < dkcn54ww | dkcn54ww |
| s540-13api | < cxcn34ww | cxcn34ww |
| v14-ada | < e8cn33ww | e8cn33ww |
| v14-are | < dzcn42ww | dzcn42ww |
| v14-igl | < dvcn23ww | dvcn23ww |
| v14-iil | < dkcn54ww | dkcn54ww |
| v140-15iwl | < atcn46ww | atcn46ww |
| v14 g2-acl | < glcn43ww | glcn43ww |
| v15-ada | < e8cn33ww | e8cn33ww |
| v15-igl | < dvcn23ww | dvcn23ww |
| v15-iil | < dkcn54ww | dkcn54ww |
| v15 g2-alc | < glcn43ww | glcn43ww |
| v17-iil | < emcn52ww | emcn52ww |
| v340-17iwl | < atcn46ww | atcn46ww |
| yoga slim 7 pro-14ach5 d | < hecn24ww | hecn24ww |
| yoga slim 7 pro-14ach5 od | < hecn24ww | hecn24ww |

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Impact

Confidentiality: High
Integrity: High
Availability: High

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

1.29% probability of exploitation in 30 days
67th percentile

Moderate risk: more likely to be exploited than 67% of all known CVEs.

References

Vendor Advisory (1)

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.