First published: Fri Jul 16 2021
A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
Lenovo Ideapad 1-11ada05 Firmware | =fqcn19ww | |
Lenovo Ideapad 1-11ada05 | | |
Lenovo Ideapad 1-14ada05 Firmware | =fqcn19ww | |
Lenovo Ideapad 1-14ada05 | | |
Lenovo V130-15ikb Firmware | | |
Lenovo V130-15ikb | | |
Lenovo 100e 2nd Gen Firmware | | |
Lenovo 100e 2nd Gen | | |
Lenovo 300e 2nd Gen Firmware | | |
Lenovo 300e 2nd Gen | | |
Lenovo Ideapad 730-13iml Firmware | | |
Lenovo Ideapad 730-13iml | | |
Lenovo Ideapad Flex 5-14alc05 Firmware | | |
Lenovo Ideapad Flex 5-14alc05 | | |
Lenovo Ideapad Flex 5-15alc05 Firmware | | |
Lenovo Ideapad Flex 5-15alc05 | | |
Lenovo Ideapad 1-11igl05 Firmware | | |
Lenovo Ideapad 1-11igl05 | | |
Lenovo Ideapad 1-14igl05 Firmware | | |
Lenovo Ideapad 1-14igl05 | | |
Lenovo Ideapad S940-14iil Firmware | | |
Lenovo Ideapad S940-14iil | | |
Lenovo Ideapad S940-14iwl Firmware | | |
Lenovo Ideapad S940-14iwl | | |
Lenovo Ideapad Slim 1-11ast-05 Firmware | | |
Lenovo Ideapad Slim 1-11ast-05 | | |
Lenovo Ideapad Slim 1-14ast-05 Firmware | | |
Lenovo Ideapad Slim 1-14ast-05 | | |
Lenovo V130-15igm Firmware | | |
Lenovo V130-15igm | | |
Lenovo V330-15ikb Firmware | | |
Lenovo V330-15ikb | | |
Lenovo V330-15isk Firmware | | |
Lenovo V330-15isk | | |
Lenovo Ideapad Yoga C940-15irh Firmware | | |
Lenovo Ideapad Yoga C940-15irh | | |
Lenovo Ideapad Yoga S730-13iml Firmware | | |
Lenovo Ideapad Yoga S730-13iml | | |
Lenovo Ideapad Yoga S940-14iil Firmware | | |
Lenovo Ideapad Yoga S940-14iil | | |
Lenovo Ideapad Yoga S940-14iwl Firmware | | |
Lenovo Ideapad Yoga S940-14iwl | | |

Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529.
CVE-2021-3614 is a vulnerability that allows an attacker with physical access to Lenovo Notebook systems to elevate privileges during a BIOS update.
CVE-2021-3614 has a severity value of 6.8, which is considered medium.
Lenovo Ideapad 1-11ada05 Firmware (version fqcn19ww) and Lenovo Ideapad 1-14ada05 Firmware (version fqcn19ww) are affected by CVE-2021-3614.
An attacker with physical access can exploit CVE-2021-3614 during a BIOS update performed by Lenovo Vantage.
You can find more information about CVE-2021-3614 on the Lenovo Product Security website.