CVE-2021-3970
high-risk
Published 2022-04-22
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.
Do I need to act?
EPSS score: 0.36% chance of exploitation (low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 6.7/10 (Medium): LOCAL / LOW complexity
Affected Products (20)
Ideapad 3-14Ada05 Firmware
Ideapad 3-14Ada6 Firmware
Ideapad 3-14Alc6 Firmware
Ideapad 3-14Are05 Firmware
Ideapad 3-15Ada6 Firmware
Ideapad 3-15Alc6 Firmware
Ideapad 3-15Are05 Firmware
Ideapad 3-15Igl05 Firmware
Ideapad 3-17Ada05 Firmware
Ideapad 3-17Ada6 Firmware
Ideapad 3-17Alc6 Firmware
Ideapad 3-17Are05 Firmware
Ideapad 3-17Iil05 Firmware
Ideapad 3-17Itl6 Firmware
Ideapad 3-15Ada05 Firmware
L3 15Iml05 Firmware
L3-15Itl6 Firmware
L340-15Irh Firmware
L340-15Iwl Firmware
L340-15Iwl Touch Firmware
Affected Vendors
References
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-73440
52 / 100 · high-risk
Severity: 21/34 · High
Exploitability: 1/34 · Minimal
Exposure: 30/34 · Critical