First published: Fri Jul 16 2021
Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard, which could allow an attacker with physical access to write to the SPI flash storage.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
Lenovo Thinkpad Helix Firmware | =n17etb4w | |
Lenovo Thinkpad Helix | | |
Lenovo Thinkpad T550 Firmware | =n11et53w | |
Lenovo Thinkpad T550 | | |
Lenovo Thinkpad W550s Firmware | =n11et53w | |
Lenovo Thinkpad W550s | | |
Lenovo Thinkpad X1 Carbon 3rd Gen Firmware | =n14et55w | |
Lenovo Thinkpad X1 Carbon 3rd Gen | | |
Lenovo Thinkpad X250 Firmware | =n10et62w | |
Lenovo Thinkpad X250 | | |
Lenovo Thinkpad Yoga 15 Firmware | =n19et65w | |
Lenovo Thinkpad Yoga 15 | | |
Lenovo 730s-13iml Firmware | | |
Lenovo 730s-13iml | | |
Lenovo Ideapad 1-11igl05 Firmware | | |
Lenovo Ideapad 1-11igl05 | | |
Lenovo Ideapad 1-14igl05 Firmware | | |
Lenovo Ideapad 1-14igl05 | | |
Lenovo Ideapad S940-14iil Firmware | | |
Lenovo Ideapad S940-14iil | | |
Lenovo Ideapad S940-14iwl Firmware | | |
Lenovo Ideapad S940-14iwl | | |
Lenovo Ideapad Slim 1-11ast-05 Firmware | | |
Lenovo Ideapad Slim 1-11ast-05 | | |
Lenovo Ideapad Slim 1-14ast-05 Firmware | | |
Lenovo Ideapad Slim 1-14ast-05 | | |
Lenovo V130-15igm Firmware | | |
Lenovo V130-15igm | | |
Lenovo V330-15ikb Firmware | | |
Lenovo V330-15ikb | | |
Lenovo V330-15isk Firmware | | |
Lenovo V330-15isk | | |
Lenovo Yoga S730-13iml Firmware | | |
Lenovo Yoga S730-13iml | | |
Lenovo Yoga S940-14iil Firmware | | |
Lenovo Yoga S940-14iil | | |
Lenovo Yoga S940-14iwl Firmware | | |
Lenovo Yoga S940-14iwl | | |
Lenovo Ideacentre Aio 5-24imb05 Firmware | <2021-09-30 | |
Lenovo Ideacentre Aio 5-24imb05 | | |
Lenovo Ideacentre Aio 5-74imb05 Firmware | <2021-09-30 | |
Lenovo Ideacentre Aio 5-74imb05 | | |
Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529.
CVE-2021-3453 is a vulnerability found in some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems that allows an attacker with physical access to write to the SPI flash storage.
CVE-2021-3453 has a severity rating of 4.6, which is considered medium.
Lenovo ThinkPad Helix, Lenovo ThinkPad T550, Lenovo ThinkPad W550s, Lenovo ThinkPad X1 Carbon 3rd Gen, Lenovo ThinkPad X250, Lenovo ThinkPad Yoga 15, Lenovo 730s-13iml, Lenovo Ideapad 1-11igl05, Lenovo Ideapad 1-14igl05, Lenovo Ideapad S940-14iil, Lenovo Ideapad S940-14iwl, Lenovo Ideapad Slim 1-11ast-05, Lenovo Ideapad Slim 1-14ast-05, Lenovo V130-15igm, Lenovo V330-15ikb, Lenovo V330-15isk, Lenovo Yoga S730-13iml, Lenovo Yoga S940-14iil, Lenovo Yoga S940-14iwl, Lenovo Ideacentre Aio 5-24imb05, and Lenovo Ideacentre Aio 5-74imb05 are affected by CVE-2021-3453.
An attacker with physical access to the affected systems can exploit CVE-2021-3453 by writing to the SPI flash storage.
You can find more information about CVE-2021-3453 on the Lenovo product security website: https://support.lenovo.com/us/en/product_security/LEN-65529