CVE Vulnerabilities

CVE-2021-3972

Active Debug Code

Published: Apr 22, 2022 | Modified: Nov 21, 2024
CVSS 3.x
6.7
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Weakness

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

Affected Software

Name Vendor Start Version End Version
Ideapad_3-14ada05_firmware Lenovo * e8cn33ww (excluding)

Potential Mitigations

References