CVE-2021-3970

Home/CVE/A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BI

CVE

A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BI

A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.

MEDIUM · CVSS 6.7 EPSS 0.00364

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-20Improper Input Validation

▤

Affected Products & Versions

lenovo ideapad 3-14ada05 firmware< e8cn33ww
lenovo ideapad 3-14ada6 firmware< hbcn21ww
lenovo ideapad 3-14alc6 firmware< glcn43ww
lenovo ideapad 3-14are05 firmware< dzcn42ww
lenovo ideapad 3-15ada6 firmware< hbcn21ww
lenovo ideapad 3-15alc6 firmware< glcn43ww
lenovo ideapad 3-15are05 firmware< dzcn42ww
lenovo ideapad 3-15igl05 firmware< dvcn23ww
Show all 60 affected productslenovo ideapad 3-17ada05 firmware< e8cn33ww
lenovo ideapad 3-17ada6 firmware< hbcn21ww
lenovo ideapad 3-17alc6 firmware< glcn43ww
lenovo ideapad 3-17are05 firmware< dzcn42ww
lenovo ideapad 3-17iil05 firmware< emcn52ww
lenovo ideapad 3-17itl6 firmware< ggcn33ww
lenovo ideapad 3-15ada05 firmware< e8cn33ww
lenovo l3 15iml05 firmware< ejcn27ww
lenovo l3-15itl6 firmware< gfcn23ww
lenovo l340-15irh firmware< bgcn35ww
lenovo l340-15iwl firmware< atcn46ww
lenovo l340-15iwl touch firmware< atcn46ww
lenovo l340-17irh firmware< bgcn35ww
lenovo l340-17iwl firmware< atcn46ww
lenovo legion 5 pro-16ach6 firmware< hhcn25ww
lenovo legion 5 pro-16ach6h firmware< gkcn51ww
lenovo legion 5 pro-16ith6 firmware< h1cn46ww
lenovo legion 5 pro-16ith6h firmware< h1cn46ww
lenovo legion 5-15ach6 firmware< hhcn25ww
lenovo legion 5-15ach6a firmware< g9cn28ww
lenovo legion 5-15ach6h firmware< gkcn51ww
lenovo legion 5-15imh6 firmware< g8cn19ww
lenovo legion 5-15ith6 firmware< h1cn46ww
lenovo legion 5-15ith6h firmware< h1cn46ww
lenovo legion 5-17ach6 firmware< hhcn25ww
lenovo legion 5-17ach6h firmware< gkcn51ww
lenovo legion 5-17ith6 firmware< h1cn46ww
lenovo legion 5-17ith6h firmware< h1cn46ww
lenovo legion 7-16achg6 firmware< gkcn51ww
lenovo legion 7-16ithg6 firmware< gkcn51ww
lenovo legion s7-15ach6 firmware< hacn35ww
lenovo legion y540-15irh firmware< bhcn44ww
lenovo legion y540-15irh-pg0 firmware< bhcn44ww
lenovo legion y540-17irh firmware< bhcn44ww
lenovo legion y540-17irh-pg0 firmware< bhcn44ww
lenovo legion y545 firmware< bhcn44ww
lenovo legion y545-pg0 firmware< bhcn44ww
lenovo legion y7000-2019 firmware< bhcn44ww
lenovo legion y7000-2019-pg0 firmware< bhcn44ww
lenovo s14 g2 itl firmware< ggcn33ww
lenovo s145-14api firmware< bucn31ww
lenovo s145-14ast firmware< aycn26ww
lenovo s145-14igm firmware< awcn28ww
lenovo s145-14iil firmware< dkcn54ww
lenovo s145-15api firmware< bucn31ww
lenovo s145-15ast firmware< aycn26ww
lenovo s145-15igm firmware< awcn28ww
lenovo s145-15iil firmware< dkcn54ww
lenovo s540-13api firmware< cxcn34ww
lenovo s540-13iml firmwareall versions
lenovo slim 7 pro-14ihu5 firmwareall versions
lenovo slim 9-14itl05 firmwareall versions

▣

Scoring & Timeline

6.7

MEDIUM · CVSS v3.1 · psirt@lenovo.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD22 Apr 2022 · 09:15 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://support.lenovo.com/us/en/product_security/LEN-73440Vendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin