CVE Vulnerabilities

CVE-2021-3971

Published: Apr 22, 2022 | Modified: May 06, 2022
CVSS 3.x
6.7
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable.

Affected Software

Name Vendor Start Version End Version
Ideapad_3-14ada05_firmware Lenovo * e8cn33ww (excluding)

References