What is CVE-2021-3453?

CVE-2021-3453 is a vulnerability found in some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems that allows an attacker with physical access to write to the SPI flash storage.

How severe is CVE-2021-3453?

CVE-2021-3453 has a severity rating of 4.6, which is considered medium.

Which Lenovo systems are affected by CVE-2021-3453?

Lenovo ThinkPad Helix, Lenovo ThinkPad T550, Lenovo ThinkPad W550s, Lenovo ThinkPad X1 Carbon 3rd Gen, Lenovo ThinkPad X250, Lenovo ThinkPad Yoga 15, Lenovo 730s-13iml, Lenovo Ideapad 1-11igl05, Lenovo Ideapad 1-14igl05, Lenovo Ideapad S940-14iil, Lenovo Ideapad S940-14iwl, Lenovo Ideapad Slim 1-11ast-05, Lenovo Ideapad Slim 1-14ast-05, Lenovo V130-15igm, Lenovo V330-15ikb, Lenovo V330-15isk, Lenovo Yoga S730-13iml, Lenovo Yoga S940-14iil, Lenovo Yoga S940-14iwl, Lenovo Ideacentre Aio 5-24imb05, and Lenovo Ideacentre Aio 5-74imb05 are affected by CVE-2021-3453.

How can an attacker exploit CVE-2021-3453?

An attacker with physical access to the affected systems can exploit CVE-2021-3453 by writing to the SPI flash storage.

Where can I find more information about CVE-2021-3453?

You can find more information about CVE-2021-3453 on the Lenovo product security website: https://support.lenovo.com/us/en/product_security/LEN-65529

Vulnerability/
CVE-2021-3453

medium

6.8

CWE

693

16/7/2021

3/8/2024

CVE-2021-3453

First published: Fri Jul 16 2021(Updated: )

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

Credit: psirt@lenovo.com

Affected Software	Affected Version	How to fix
Lenovo Thinkpad Helix Firmware	=n17etb4w
Lenovo Thinkpad Helix
Lenovo Thinkpad T550 Firmware	=n11et53w
Lenovo Thinkpad T550
Lenovo Thinkpad W550s Firmware	=n11et53w
Lenovo Thinkpad W550s
Lenovo Thinkpad X1 Carbon 3rd Gen Firmware	=n14et55w
Lenovo Thinkpad X1 Carbon 3rd Gen
Lenovo Thinkpad X250 Firmware	=n10et62w
Lenovo Thinkpad X250
Lenovo Thinkpad Yoga 15 Firmware	=n19et65w
Lenovo Thinkpad Yoga 15
Lenovo 730s-13iml Firmware
Lenovo 730s-13iml
Lenovo Ideapad 1-11igl05 Firmware
Lenovo Ideapad 1-11igl05
Lenovo Ideapad 1-14igl05 Firmware
Lenovo Ideapad 1-14igl05
Lenovo Ideapad S940-14iil Firmware
Lenovo Ideapad S940-14iil
Lenovo Ideapad S940-14iwl Firmware
Lenovo Ideapad S940-14iwl
Lenovo Ideapad Slim 1-11ast-05 Firmware
Lenovo Ideapad Slim 1-11ast-05
Lenovo Ideapad Slim 1-14ast-05 Firmware
Lenovo Ideapad Slim 1-14ast-05
Lenovo V130-15igm Firmware
Lenovo V130-15igm
Lenovo V330-15ikb Firmware
Lenovo V330-15ikb
Lenovo V330-15isk Firmware
Lenovo V330-15isk
Lenovo Yoga S730-13iml Firmware
Lenovo Yoga S730-13iml
Lenovo Yoga S940-14iil Firmware
Lenovo Yoga S940-14iil
Lenovo Yoga S940-14iwl Firmware
Lenovo Yoga S940-14iwl
Lenovo Ideacentre Aio 5-24imb05 Firmware	<2021-09-30
Lenovo Ideacentre Aio 5-24imb05
Lenovo Ideacentre Aio 5-74imb05 Firmware	<2021-09-30
Lenovo Ideacentre Aio 5-74imb05

Remedy

Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529.

Never miss a vulnerability like this again

Reference Links

https://support.lenovo.com/us/en/product_security/LEN-65529

Frequently Asked Questions

What is CVE-2021-3453?
CVE-2021-3453 is a vulnerability found in some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems that allows an attacker with physical access to write to the SPI flash storage.
How severe is CVE-2021-3453?
CVE-2021-3453 has a severity rating of 4.6, which is considered medium.
Which Lenovo systems are affected by CVE-2021-3453?
Lenovo ThinkPad Helix, Lenovo ThinkPad T550, Lenovo ThinkPad W550s, Lenovo ThinkPad X1 Carbon 3rd Gen, Lenovo ThinkPad X250, Lenovo ThinkPad Yoga 15, Lenovo 730s-13iml, Lenovo Ideapad 1-11igl05, Lenovo Ideapad 1-14igl05, Lenovo Ideapad S940-14iil, Lenovo Ideapad S940-14iwl, Lenovo Ideapad Slim 1-11ast-05, Lenovo Ideapad Slim 1-14ast-05, Lenovo V130-15igm, Lenovo V330-15ikb, Lenovo V330-15isk, Lenovo Yoga S730-13iml, Lenovo Yoga S940-14iil, Lenovo Yoga S940-14iwl, Lenovo Ideacentre Aio 5-24imb05, and Lenovo Ideacentre Aio 5-74imb05 are affected by CVE-2021-3453.
How can an attacker exploit CVE-2021-3453?
An attacker with physical access to the affected systems can exploit CVE-2021-3453 by writing to the SPI flash storage.
Where can I find more information about CVE-2021-3453?
You can find more information about CVE-2021-3453 on the Lenovo product security website: https://support.lenovo.com/us/en/product_security/LEN-65529

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/last-modified-date
agent/references
agent/weakness
agent/remedy
agent/description
agent/first-publish-date
agent/tags
agent/event
vendor/lenovo
canonical/lenovo thinkpad helix firmware
version/lenovo thinkpad helix firmware/n17etb4w
canonical/lenovo thinkpad helix
canonical/lenovo thinkpad t550 firmware
version/lenovo thinkpad t550 firmware/n11et53w
canonical/lenovo thinkpad t550
canonical/lenovo thinkpad w550s firmware
version/lenovo thinkpad w550s firmware/n11et53w
canonical/lenovo thinkpad w550s
canonical/lenovo thinkpad x1 carbon 3rd gen firmware
version/lenovo thinkpad x1 carbon 3rd gen firmware/n14et55w
canonical/lenovo thinkpad x1 carbon 3rd gen
canonical/lenovo thinkpad x250 firmware
version/lenovo thinkpad x250 firmware/n10et62w
canonical/lenovo thinkpad x250
canonical/lenovo thinkpad yoga 15 firmware
version/lenovo thinkpad yoga 15 firmware/n19et65w
canonical/lenovo thinkpad yoga 15
canonical/lenovo 730s-13iml firmware
canonical/lenovo 730s-13iml
canonical/lenovo ideapad 1-11igl05 firmware
canonical/lenovo ideapad 1-11igl05
canonical/lenovo ideapad 1-14igl05 firmware
canonical/lenovo ideapad 1-14igl05
canonical/lenovo ideapad s940-14iil firmware
canonical/lenovo ideapad s940-14iil
canonical/lenovo ideapad s940-14iwl firmware
canonical/lenovo ideapad s940-14iwl
canonical/lenovo ideapad slim 1-11ast-05 firmware
canonical/lenovo ideapad slim 1-11ast-05
canonical/lenovo ideapad slim 1-14ast-05 firmware
canonical/lenovo ideapad slim 1-14ast-05
canonical/lenovo v130-15igm firmware
canonical/lenovo v130-15igm
canonical/lenovo v330-15ikb firmware
canonical/lenovo v330-15ikb
canonical/lenovo v330-15isk firmware
canonical/lenovo v330-15isk
canonical/lenovo yoga s730-13iml firmware
canonical/lenovo yoga s730-13iml
canonical/lenovo yoga s940-14iil firmware
canonical/lenovo yoga s940-14iil
canonical/lenovo yoga s940-14iwl firmware
canonical/lenovo yoga s940-14iwl
canonical/lenovo ideacentre aio 5-24imb05 firmware
canonical/lenovo ideacentre aio 5-24imb05
canonical/lenovo ideacentre aio 5-74imb05 firmware
canonical/lenovo ideacentre aio 5-74imb05