A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
Affected:< e8cn33wwFixed in:e8cn33wwCVE-2021-3972derived from NVD
ideapad 3-14ada6 firmwareNVD
Affected:< hbcn21wwFixed in:hbcn21wwCVE-2021-3972derived from NVD
ideapad 3-14alc6 firmwareNVD
Affected:< glcn43wwFixed in:glcn43wwCVE-2021-3972derived from NVD
ideapad 3-14are05 firmwareNVD
Affected:< dzcn42wwFixed in:dzcn42wwCVE-2021-3972derived from NVD
ideapad 3-14igl05 firmwareNVD
Affected:< emcn52wwFixed in:emcn52wwCVE-2021-3972derived from NVD
ideapad 3-14iil05 firmwareNVD
Affected:< dvcn23wwFixed in:dvcn23wwCVE-2021-3972derived from NVD
ideapad 3-14iml05 firmwareNVD
Affected:< dxcn41wwFixed in:dxcn41wwCVE-2021-3972derived from NVD
ideapad 3-14itl05 firmwareNVD
Affected:< gccn26wwFixed in:gccn26wwCVE-2021-3972derived from NVD
ideapad 3-14itl6 firmwareNVD
Affected:< ggcn33wwFixed in:ggcn33wwCVE-2021-3972derived from NVD
ideapad 3-15ada05 firmwareNVD
Affected:< e8cn33wwFixed in:e8cn33wwCVE-2021-3972derived from NVD
ideapad 3-15ada6 firmwareNVD
Affected:< hbcn21wwFixed in:hbcn21wwCVE-2021-3972derived from NVD
ideapad 3-15alc6 firmwareNVD
Affected:< glcn43wwFixed in:glcn43wwCVE-2021-3972derived from NVD
ideapad 3-15are05 firmwareNVD
Affected:< dzcn42wwFixed in:dzcn42wwCVE-2021-3972derived from NVD
ideapad 3-15igl05 firmwareNVD
Affected:< dvcn23wwFixed in:dvcn23wwCVE-2021-3972derived from NVD
ideapad 3-15iil05 firmwareNVD
Affected:< emcn52wwFixed in:emcn52wwCVE-2021-3972derived from NVD
ideapad 3-15iml05 firmwareNVD
Affected:< dxcn41wwFixed in:dxcn41wwCVE-2021-3972derived from NVD
ideapad 3-15itl05 firmwareNVD
Affected:< gccn26wwFixed in:gccn26wwCVE-2021-3972derived from NVD
ideapad 3-15itl6 firmwareNVD
Affected:< ggcn33wwFixed in:ggcn33wwCVE-2021-3972derived from NVD
ideapad 3-17ada05 firmwareNVD
Affected:< e8cn33wwFixed in:e8cn33wwCVE-2021-3972derived from NVD
ideapad 3-17ada6 firmwareNVD
Affected:< hbcn21wwFixed in:hbcn21wwCVE-2021-3972derived from NVD
ideapad 3-17alc6 firmwareNVD
Affected:< glcn43wwFixed in:glcn43wwCVE-2021-3972derived from NVD
ideapad 3-17are05 firmwareNVD
Affected:< dzcn42wwFixed in:dzcn42wwCVE-2021-3972derived from NVD
ideapad 3-17iil05 firmwareNVD
Affected:< emcn52wwFixed in:emcn52wwCVE-2021-3972derived from NVD
ideapad 3-17iml05 firmwareNVD
Affected:< dxcn41wwFixed in:dxcn41wwCVE-2021-3972derived from NVD
ideapad 3-17itl6 firmwareNVD
Affected:< ggcn33wwFixed in:ggcn33wwCVE-2021-3972derived from NVD
ideapad 5-15are05 firmwareNVD
Affected:< e7cn44wwFixed in:e7cn44wwCVE-2021-3972derived from NVD
ideapad 5-15iil05 firmwareNVD
Affected:< dpcn54wwFixed in:dpcn54wwCVE-2021-3972derived from NVD
ideapad creator 5-15imh05 firmwareNVD
Affected:< egcn36wwFixed in:egcn36wwCVE-2021-3972derived from NVD
ideapad gaming 3-15arh05 firmwareNVD
Affected:< fccn17wwFixed in:fccn17wwCVE-2021-3972derived from NVD
ideapad gaming 3-15imh05 firmwareNVD
Affected:< egcn36wwFixed in:egcn36wwCVE-2021-3972derived from NVD
l3-15itl6 firmwareNVD
Affected:< gfcn23wwFixed in:gfcn23wwCVE-2021-3972derived from NVD
l340-15irh firmwareNVD
Affected:< bgcn35wwFixed in:bgcn35wwCVE-2021-3972derived from NVD
l340-15iwl firmwareNVD
Affected:< atcn46wwFixed in:atcn46wwCVE-2021-3972derived from NVD
l340-15iwl touch firmwareNVD
Affected:< atcn46wwFixed in:atcn46wwCVE-2021-3972derived from NVD
l340-17irh firmwareNVD
Affected:< bgcn35wwFixed in:bgcn35wwCVE-2021-3972derived from NVD
l340-17iwl firmwareNVD
Affected:< atcn46wwFixed in:atcn46wwCVE-2021-3972derived from NVD
l3 15iml05 firmwareNVD
Affected:< ejcn27wwFixed in:ejcn27wwCVE-2021-3972derived from NVD
legion 5-15ach6 firmwareNVD
Affected:< hhcn25wwFixed in:hhcn25wwCVE-2021-3972derived from NVD
legion 5-15ach6a firmwareNVD
Affected:< g9cn28wwFixed in:g9cn28wwCVE-2021-3972derived from NVD
legion 5-15ach6h firmwareNVD
Affected:< gkcn51wwFixed in:gkcn51wwCVE-2021-3972derived from NVD
legion 5-15imh6 firmwareNVD
Affected:< g8cn19wwFixed in:g8cn19wwCVE-2021-3972derived from NVD
legion 5-15ith6 firmwareNVD
Affected:< h1cn46wwFixed in:h1cn46wwCVE-2021-3972derived from NVD
legion 5-15ith6h firmwareNVD
Affected:< h1cn46wwFixed in:h1cn46wwCVE-2021-3972derived from NVD
legion 5-17ach6 firmwareNVD
Affected:< hhcn25wwFixed in:hhcn25wwCVE-2021-3972derived from NVD
legion 5-17ach6h firmwareNVD
Affected:< gkcn51wwFixed in:gkcn51wwCVE-2021-3972derived from NVD
legion 5-17ith6 firmwareNVD
Affected:< h1cn46wwFixed in:h1cn46wwCVE-2021-3972derived from NVD
legion 5-17ith6h firmwareNVD
Affected:< h1cn46wwFixed in:h1cn46wwCVE-2021-3972derived from NVD
legion 5 pro-16ach6 firmwareNVD
Affected:< hhcn25wwFixed in:hhcn25wwCVE-2021-3972derived from NVD
legion 5 pro-16ach6h firmwareNVD
Affected:< gkcn51wwFixed in:gkcn51wwCVE-2021-3972derived from NVD
legion 5 pro-16ith6 firmwareNVD
Affected:< h1cn46wwFixed in:h1cn46wwCVE-2021-3972derived from NVD
legion 5 pro-16ith6h firmwareNVD
Affected:< h1cn46wwFixed in:h1cn46wwCVE-2021-3972derived from NVD
legion 7-16achg6 firmwareNVD
Affected:< gkcn51wwFixed in:gkcn51wwCVE-2021-3972derived from NVD
legion 7-16ithg6 firmwareNVD
Affected:< gkcn51wwFixed in:gkcn51wwCVE-2021-3972derived from NVD
legion s7-15ach6 firmwareNVD
Affected:< hacn35wwFixed in:hacn35wwCVE-2021-3972derived from NVD
legion y540-15irh-pg0 firmwareNVD
Affected:< bhcn44wwFixed in:bhcn44wwCVE-2021-3972derived from NVD
legion y540-15irh firmwareNVD
Affected:< bhcn44wwFixed in:bhcn44wwCVE-2021-3972derived from NVD
legion y540-17irh-pg0 firmwareNVD
Affected:< bhcn44wwFixed in:bhcn44wwCVE-2021-3972derived from NVD
legion y540-17irh firmwareNVD
Affected:< bhcn44wwFixed in:bhcn44wwCVE-2021-3972derived from NVD
legion y545-pg0 firmwareNVD
Affected:< bhcn44wwFixed in:bhcn44wwCVE-2021-3972derived from NVD
legion y545 firmwareNVD
Affected:< bhcn44wwFixed in:bhcn44wwCVE-2021-3972derived from NVD
legion y7000-2019-pg0 firmwareNVD
Affected:< bhcn44wwFixed in:bhcn44wwCVE-2021-3972derived from NVD
legion y7000-2019 firmwareNVD
Affected:< bhcn44wwFixed in:bhcn44wwCVE-2021-3972derived from NVD
s145-14api firmwareNVD
Affected:< bucn31wwFixed in:bucn31wwCVE-2021-3972derived from NVD
s145-14ast firmwareNVD
Affected:< aycn26wwFixed in:aycn26wwCVE-2021-3972derived from NVD
s145-14igm firmwareNVD
Affected:< awcn28wwFixed in:awcn28wwCVE-2021-3972derived from NVD
s145-14iil firmwareNVD
Affected:< dkcn54wwFixed in:dkcn54wwCVE-2021-3972derived from NVD
s145-15api firmwareNVD
Affected:< bucn31wwFixed in:bucn31wwCVE-2021-3972derived from NVD
s145-15ast firmwareNVD
Affected:< aycn26wwFixed in:aycn26wwCVE-2021-3972derived from NVD
s145-15igm firmwareNVD
Affected:< awcn28wwFixed in:awcn28wwCVE-2021-3972derived from NVD
s145-15iil firmwareNVD
Affected:< dkcn54wwFixed in:dkcn54wwCVE-2021-3972derived from NVD
s14 g2 itl firmwareNVD
Affected:< ggcn33wwFixed in:ggcn33wwCVE-2021-3972derived from NVD
s540-13api firmwareNVD
Affected:< cxcn34wwFixed in:cxcn34wwCVE-2021-3972derived from NVD
v14-ada firmwareNVD
Affected:< e8cn33wwFixed in:e8cn33wwCVE-2021-3972derived from NVD
v14-are firmwareNVD
Affected:< dzcn42wwFixed in:dzcn42wwCVE-2021-3972derived from NVD
v14-igl firmwareNVD
Affected:< dvcn23wwFixed in:dvcn23wwCVE-2021-3972derived from NVD
v14-iil firmwareNVD
Affected:< dkcn54wwFixed in:dkcn54wwCVE-2021-3972derived from NVD
v140-15iwl firmwareNVD
Affected:< atcn46wwFixed in:atcn46wwCVE-2021-3972derived from NVD
v14 g1-iml firmwareNVD
Affected:< dxcn41wwFixed in:dxcn41wwCVE-2021-3972derived from NVD
v14 g2-acl firmwareNVD
Affected:< glcn43wwFixed in:glcn43wwCVE-2021-3972derived from NVD
v14 g2-itl firmwareNVD
Affected:< ggcn33wwFixed in:ggcn33wwCVE-2021-3972derived from NVD
v15-ada firmwareNVD
Affected:< e8cn33wwFixed in:e8cn33wwCVE-2021-3972derived from NVD
v15-igl firmwareNVD
Affected:< dvcn23wwFixed in:dvcn23wwCVE-2021-3972derived from NVD
v15-iil firmwareNVD
Affected:< dkcn54wwFixed in:dkcn54wwCVE-2021-3972derived from NVD
v15 g1-iml firmwareNVD
Affected:< dxcn41wwFixed in:dxcn41wwCVE-2021-3972derived from NVD
v15 g2-alc firmwareNVD
Affected:< glcn43wwFixed in:glcn43wwCVE-2021-3972derived from NVD
v15 g2-itl firmwareNVD
Affected:< ggcn33wwFixed in:ggcn33wwCVE-2021-3972derived from NVD
v17-iil firmwareNVD
Affected:< emcn52wwFixed in:emcn52wwCVE-2021-3972derived from NVD
v17 g2-itl firmwareNVD
Affected:< ggcn33wwFixed in:ggcn33wwCVE-2021-3972derived from NVD
v340-17iwl firmwareNVD
Affected:< atcn46wwFixed in:atcn46wwCVE-2021-3972derived from NVD
yoga 7-14acn6 firmwareNVD
Affected:< h9cn26wwFixed in:h9cn26wwCVE-2021-3972derived from NVD
yoga c740-14iml firmwareNVD
Affected:< bncn44wwFixed in:bncn44wwCVE-2021-3972derived from NVD
yoga c740-15iml firmwareNVD
Affected:< bncn44wwFixed in:bncn44wwCVE-2021-3972derived from NVD
yoga slim 7 pro-14ach5 d firmwareNVD
Affected:< hecn24wwFixed in:hecn24wwCVE-2021-3972derived from NVD
yoga slim 7 pro-14ach5 firmwareNVD
Affected:< gzcn27wwFixed in:gzcn27wwCVE-2021-3972derived from NVD
yoga slim 7 pro-14ach5 o firmwareNVD
Affected:< gzcn27wwFixed in:gzcn27wwCVE-2021-3972derived from NVD
yoga slim 7 pro-14ach5 od firmwareNVD
Affected:< hecn24wwFixed in:hecn24wwCVE-2021-3972derived from NVD
yoga slim 7 pro-14arh5 firmwareNVD
Affected:< g7cn21wwFixed in:g7cn21wwCVE-2021-3972derived from NVD
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
CVSS v3 Vector
Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploit Intelligence
2.97%probability of exploitation in 30 days
86thpercentile
Elevated risk: more likely to be exploited than 86% of all known CVEs.
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.