CVE-2021-3970: Input Validation
First published: Fri Apr 22 2022(Updated: )
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo Ideapad 3-14ada05 Firmware | <e8cn33ww | |
| Lenovo Ideapad 3-14ada05 Firmware | ||
| Lenovo ideapad 3-14ada6 firmware | <hbcn21ww | |
| Lenovo ideapad 3-14ada6 firmware | ||
| Lenovo Ideapad 3-14ALC6 | <glcn43ww | |
| Lenovo Ideapad 3-14alc6 firmware | ||
| Lenovo IdeaPad 3-14ARE05 Firmware | <dzcn42ww | |
| Lenovo IdeaPad 3-14ARE05 Firmware | ||
| Lenovo Ideapad 3 | <hbcn21ww | |
| Lenovo Ideapad 3 | ||
| Lenovo Ideapad 3-15ALC6 Firmware | <glcn43ww | |
| Lenovo Ideapad 3-15ALC6 Firmware | ||
| Lenovo Ideapad 3-15ARE05 Firmware | <dzcn42ww | |
| Lenovo Ideapad 3-15are05 firmware | ||
| Lenovo Ideapad 3-15IGL05 Firmware | <dvcn23ww | |
| Lenovo ideapad 3-15igl05 firmware | ||
| Lenovo Ideapad 3-17ADA05 Firmware | <e8cn33ww | |
| Lenovo Ideapad 3-17ADA05 Firmware | ||
| Lenovo Ideapad 3-17ADA6 | <hbcn21ww | |
| Lenovo Ideapad 3 | ||
| Lenovo Ideapad 3-17ALC6 Firmware | <glcn43ww | |
| Lenovo Ideapad 3-17ALC6 Firmware | ||
| Lenovo Ideapad 3-17are05 | <dzcn42ww | |
| Lenovo Ideapad 3 | ||
| Lenovo Ideapad 3-17iil05 | <emcn52ww | |
| Lenovo Ideapad 3-17IIL05 Firmware | ||
| Lenovo Ideapad 3-17ITL6 | <ggcn33ww | |
| Lenovo Ideapad 3-17itl6 Firmware | ||
| Lenovo Ideapad 3-15ada05 | <e8cn33ww | |
| Lenovo Ideapad 3 | ||
| Lenovo IdeaPad L3 15IML05 | <ejcn27ww | |
| Lenovo IdeaPad L3 15IML05 | ||
| Lenovo L3-15ITL6 Firmware | <gfcn23ww | |
| Lenovo Ideapad 3-15ITL6 | ||
| Lenovo L340-15IRH | <bgcn35ww | |
| Lenovo L340-15IRH Firmware | ||
| Lenovo L340-15IWl Touch Firmware | <atcn46ww | |
| Lenovo L340-15IWL Touch | ||
| Lenovo L340-15IWL Touch Firmware | <atcn46ww | |
| Lenovo L340-15IWL | ||
| Lenovo L340-17IRH Firmware | <bgcn35ww | |
| Lenovo L340-17IRH Firmware | ||
| Lenovo L340-17IWL | <atcn46ww | |
| Lenovo L340-17IWL Firmware | ||
| Lenovo Legion 5 Pro 16ACH6 Firmware | <hhcn25ww | |
| Lenovo Legion 5 Pro 16ACH6H | ||
| Lenovo Legion 5 Pro 16ACH6H | <gkcn51ww | |
| Lenovo Legion 5 Pro 16ACH6H | ||
| Lenovo Legion 5 Pro 16ITH6H Firmware | <h1cn46ww | |
| Lenovo Legion 5 Pro 16ITH6 | ||
| Lenovo Legion 5 Pro 16ITH6H Firmware | <h1cn46ww | |
| Lenovo Legion 5 Pro 16ITH6 | ||
| Lenovo Legion 5-15ACH6A Firmware | <hhcn25ww | |
| Lenovo Legion 5-15ACH6 Firmware | ||
| Lenovo Legion 5-15ACH6 Firmware | <g9cn28ww | |
| Lenovo Legion 5-15ACH6A Firmware | ||
| Lenovo Legion 5 - 17ACH6H | <gkcn51ww | |
| Lenovo Legion 5-15ACH6H Firmware | ||
| Lenovo Legion 5 Firmware | <g8cn19ww | |
| Lenovo Legion 5-15IMH6 Firmware | ||
| Lenovo Legion 5 15ITH6 Firmware | <h1cn46ww | |
| Lenovo Legion 5 15ITH6 Firmware | ||
| Lenovo Legion 5 15ITH6H | <h1cn46ww | |
| Lenovo Legion 5 15ITH6H | ||
| Lenovo Legion 5-17ACH6H Firmware | <hhcn25ww | |
| Lenovo Legion 5-17ACH6 Firmware | ||
| Lenovo Legion 5-17ACH6H Firmware | <gkcn51ww | |
| Lenovo Legion 5 - 17ACH6H | ||
| Lenovo Legion 5-17ITH6H Firmware | <h1cn46ww | |
| Lenovo Legion 5 | ||
| Lenovo Legion 5 Firmware | <h1cn46ww | |
| Lenovo Legion 5-17ITH6H Firmware | ||
| Lenovo Legion 7 16ACHG6 Firmware | <gkcn51ww | |
| Lenovo Legion 7 16ACHG6 Firmware | ||
| Lenovo Legion 7-16ITHG6 | <gkcn51ww | |
| Lenovo Legion 7 16ITHG6 Firmware | ||
| Lenovo Legion S7-15ACH6 | <hacn35ww | |
| Lenovo Legion S7-15ACH6 Firmware | ||
| Lenovo Legion Y540 | <bhcn44ww | |
| Lenovo Legion Y540-15IRH Firmware | ||
| Lenovo Legion Y540-15IRH Firmware | <bhcn44ww | |
| Lenovo Legion Y540-15IRH | ||
| Lenovo Legion Y540-17IRH | <bhcn44ww | |
| Lenovo Legion Y540 | ||
| Lenovo Legion Y540-17IRH Firmware | <bhcn44ww | |
| Lenovo Legion Y540-17IRH-PG0 Firmware | ||
| Lenovo Legion Y545 Firmware | <bhcn44ww | |
| Lenovo Legion Y545 PG0 | ||
| Lenovo Legion Y545 Firmware | <bhcn44ww | |
| Lenovo Legion Y545 | ||
| Lenovo Legion Y7000P 2019 Firmware | <bhcn44ww | |
| Lenovo Legion Y7000 2019 | ||
| Lenovo Legion Y7000-2019 Firmware | <bhcn44ww | |
| Lenovo Legion Y7000 2019 | ||
| Lenovo S14 G2 ITL | <ggcn33ww | |
| Lenovo S14 G2 ITL Firmware | ||
| Lenovo S145-14IGM Firmware | <bucn31ww | |
| Lenovo S145-14API | ||
| Lenovo S145-14IGM Firmware | <aycn26ww | |
| Lenovo S145-14AST | ||
| Lenovo S145-14IGM Firmware | <awcn28ww | |
| Lenovo S145-14API | ||
| Lenovo S145-14IGM Firmware | <dkcn54ww | |
| Lenovo S145-14IIL Firmware | ||
| Lenovo S145-15api Firmware | <bucn31ww | |
| Lenovo S145-15api Firmware | ||
| Lenovo S145-15AST Firmware | <aycn26ww | |
| Lenovo S145-15api Firmware | ||
| Lenovo S145-15IGM | <awcn28ww | |
| Lenovo S145 | ||
| Lenovo s145-15iil | <dkcn54ww | |
| Lenovo s145-15iil firmware | ||
| Lenovo S540-13API | <cxcn34ww | |
| Lenovo S540-13API Firmware | ||
| Lenovo S540-13IML | ||
| Lenovo S540-13ITL | ||
| Lenovo Slim 7 Pro 14IHU5 Firmware | ||
| Lenovo Slim 7 Pro 14IHU5 Firmware | ||
| Lenovo Yoga Slim 9-14ITL05 Firmware | ||
| Lenovo Yoga Slim 9-14ITL05 | ||
| Lenovo v14 g1-iml | <dxcn41ww | |
| Lenovo V14 | ||
| Lenovo V14 G2 ACL Firmware | <glcn43ww | |
| Lenovo V14 G2 ACL | ||
| Lenovo V14 G2 ITL | <ggcn33ww | |
| Lenovo V14 G2 ITL | ||
| Lenovo v14-ada firmware | <e8cn33ww | |
| Lenovo v14-ada firmware | ||
| Lenovo v14-are firmware | <dzcn42ww | |
| Lenovo v14-are firmware | ||
| Lenovo v14-igl firmware | <dvcn23ww | |
| Lenovo v14-igl firmware | ||
| Lenovo v14-iil firmware | <dkcn54ww | |
| Lenovo v14-iil firmware | ||
| Lenovo v140-15iwl | <atcn46ww | |
| Lenovo v140-15iwl firmware | ||
| Lenovo v15 G1-IML Firmware | <dxcn41ww | |
| Lenovo v15 G1-IML Firmware | ||
| Lenovo V15 G2-ALC | <glcn43ww | |
| Lenovo v15 g2 ijl | ||
| Lenovo v15 g2-itl firmware | <ggcn33ww | |
| Lenovo v15 g2-itl firmware | ||
| Lenovo v15-ada firmware | <e8cn33ww | |
| Lenovo v15-ada firmware | ||
| Lenovo v15-igl firmware | <dvcn23ww | |
| Lenovo v15-igl | ||
| Lenovo v15-iil | <dkcn54ww | |
| Lenovo v15-iil firmware | ||
| Lenovo V17 G2 ITL Firmware | <ggcn33ww | |
| Lenovo V17 G2 ITL | ||
| Lenovo v17-iil firmware | <emcn52ww | |
| Lenovo v17-iil | ||
| Lenovo v340-17iwl | <atcn46ww | |
| Lenovo v340-17iwl firmware | ||
| Lenovo Yoga 7-14ACN6 Firmware | <h9cn26ww | |
| Lenovo Yoga 7-14ACN6 Firmware | ||
| Lenovo Yoga C740-14IML | <bncn44ww | |
| Lenovo Yoga C740-14IML Firmware | ||
| Lenovo Yoga C740-15IML | <bncn44ww | |
| Lenovo Yoga C740-15IML Firmware | ||
| Lenovo Yoga C940 Firmware | ||
| Lenovo Yoga C940 Firmware | ||
| Lenovo Yoga Slim 7 Pro 14ACH5 Firmware | <hecn24ww | |
| Lenovo Yoga Slim 7 Pro-14ach5 | ||
| Lenovo Yoga Slim 7 Pro 14ACH5 Firmware | <gzcn27ww | |
| Lenovo Yoga Slim 7 Pro 14ACH5 Firmware | ||
| Lenovo Yoga Slim 7 Pro 14ACH5 O Firmware | <gzcn27ww | |
| Lenovo Yoga Slim 7 Pro-14ach5 | ||
| Lenovo Yoga Slim 7 Pro 14ACH5 O Firmware | <hecn24ww | |
| Lenovo Yoga Slim 7 Pro-14ach5 | ||
| Lenovo Yoga Slim 7 Pro 14ARH5 Firmware | <g7cn21ww | |
| Lenovo Yoga Slim 7 Pro | ||
| Lenovo Yoga Slim 7 Pro 14IHU5 Firmware | ||
| Lenovo Slim 7 Pro 14IHU5 Firmware | ||
| Lenovo Yoga Slim 7 Pro 14IHU5 Firmware | ||
| Lenovo Slim 7 Pro 14IHU5 Firmware | ||
| Lenovo Yoga Slim 7 Pro 14ITL5 Firmware | ||
| Lenovo Yoga Slim 7 Pro 14ITL5 | ||
| Lenovo Yoga Slim 9 14IAP7 Firmware | ||
| Lenovo Slim 9 14ITL05 Firmware | ||
| Lenovo Ideapad 3 14iil05 Firmware | <dvcn23ww | |
| Lenovo Ideapad 3 14iil05 Firmware | ||
| Lenovo Ideapad 3-14IGL05 Firmware | <emcn52ww | |
| Lenovo ideapad 3-14igl05 firmware | ||
| Lenovo ideapad 3-14iml05 | <dxcn41ww | |
| Lenovo Ideapad 3 | ||
| Lenovo Ideapad 3-14itl6 firmware | <gccn26ww | |
| Lenovo ideapad 3-14itl6 | ||
| Lenovo Ideapad 3-14itl6 firmware | <ggcn33ww | |
| Lenovo Ideapad 3-14itl6 firmware | ||
| Lenovo Ideapad 3-15IIL05 Firmware | <emcn52ww | |
| Lenovo Ideapad 3 15iil05 | ||
| Lenovo L3 15IML05 Firmware | <dxcn41ww | |
| Lenovo IdeaPad L3 15IML05 | ||
| Lenovo ideapad 3-15itl05 | <gccn26ww | |
| Lenovo ideapad 3-15IML05 | ||
| Lenovo Ideapad 3-15ITL6 | <ggcn33ww | |
| Lenovo L3-15ITL6 Firmware | ||
| Lenovo ideapad 3 17IML05 firmware | <dxcn41ww | |
| Lenovo Ideapad 3 17IML05 | ||
| Lenovo ideapad 5-14are05 firmware | <e7cn44ww | |
| Lenovo Ideapad 5-15are05 Firmware | ||
| Lenovo Ideapad 5-15iil05 | <dpcn54ww | |
| Lenovo Ideapad 5-15iil05 | ||
| Lenovo Ideapad Creator 5-15imh05 Firmware | <egcn36ww | |
| Lenovo Ideapad Creator 5-15imh05 Firmware | ||
| Lenovo Ideapad Gaming 3-15ARH05 | <fccn17ww | |
| Lenovo Ideapad Gaming 3-15ARH05 Firmware | ||
| Lenovo Ideapad Gaming 3-15IMH05 | <egcn36ww | |
| Lenovo Ideapad Gaming 3-15IMH05 Firmware |
Remedy
Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-73440.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-3970?
The severity of CVE-2021-3970 is classified as high due to its potential to allow arbitrary code execution with local access.
How do I fix CVE-2021-3970?
To fix CVE-2021-3970, users should update the BIOS on affected Lenovo Notebook models to the latest version provided by Lenovo.
Which Lenovo models are affected by CVE-2021-3970?
CVE-2021-3970 affects various Lenovo ideapad models such as the 3-14ADA05, 3-14ADA6, and others specified in the security advisory.
What are the risks associated with CVE-2021-3970?
The risks associated with CVE-2021-3970 include potential unauthorized access and control over the affected system, posing a significant security threat.
Is local access required to exploit CVE-2021-3970?
Yes, local access is required to exploit CVE-2021-3970, making it a targeted risk mainly for environments with unauthorized physical access.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/lenovo
- canonical/lenovo ideapad 3-14ada05 firmware
- canonical/lenovo ideapad 3-14ada6 firmware
- canonical/lenovo ideapad 3-14alc6
- canonical/lenovo ideapad 3-14alc6 firmware
- canonical/lenovo ideapad 3-14are05 firmware
- canonical/lenovo ideapad 3
- canonical/lenovo ideapad 3-15alc6 firmware
- canonical/lenovo ideapad 3-15are05 firmware
- canonical/lenovo ideapad 3-15igl05 firmware
- canonical/lenovo ideapad 3-17ada05 firmware
- canonical/lenovo ideapad 3-17ada6
- canonical/lenovo ideapad 3-17alc6 firmware
- canonical/lenovo ideapad 3-17are05
- canonical/lenovo ideapad 3-17iil05
- canonical/lenovo ideapad 3-17iil05 firmware
- canonical/lenovo ideapad 3-17itl6
- canonical/lenovo ideapad 3-17itl6 firmware
- canonical/lenovo ideapad 3-15ada05
- canonical/lenovo ideapad l3 15iml05
- canonical/lenovo l3-15itl6 firmware
- canonical/lenovo ideapad 3-15itl6
- canonical/lenovo l340-15irh
- canonical/lenovo l340-15irh firmware
- canonical/lenovo l340-15iwl touch firmware
- canonical/lenovo l340-15iwl touch
- canonical/lenovo l340-15iwl
- canonical/lenovo l340-17irh firmware
- canonical/lenovo l340-17iwl
- canonical/lenovo l340-17iwl firmware
- canonical/lenovo legion 5 pro 16ach6 firmware
- canonical/lenovo legion 5 pro 16ach6h
- canonical/lenovo legion 5 pro 16ith6h firmware
- canonical/lenovo legion 5 pro 16ith6
- canonical/lenovo legion 5-15ach6a firmware
- canonical/lenovo legion 5-15ach6 firmware
- canonical/lenovo legion 5 - 17ach6h
- canonical/lenovo legion 5-15ach6h firmware
- canonical/lenovo legion 5 firmware
- canonical/lenovo legion 5-15imh6 firmware
- canonical/lenovo legion 5 15ith6 firmware
- canonical/lenovo legion 5 15ith6h
- canonical/lenovo legion 5-17ach6h firmware
- canonical/lenovo legion 5-17ach6 firmware
- canonical/lenovo legion 5-17ith6h firmware
- canonical/lenovo legion 5
- canonical/lenovo legion 7 16achg6 firmware
- canonical/lenovo legion 7-16ithg6
- canonical/lenovo legion 7 16ithg6 firmware
- canonical/lenovo legion s7-15ach6
- canonical/lenovo legion s7-15ach6 firmware
- canonical/lenovo legion y540
- canonical/lenovo legion y540-15irh firmware
- canonical/lenovo legion y540-15irh
- canonical/lenovo legion y540-17irh
- canonical/lenovo legion y540-17irh firmware
- canonical/lenovo legion y540-17irh-pg0 firmware
- canonical/lenovo legion y545 firmware
- canonical/lenovo legion y545 pg0
- canonical/lenovo legion y545
- canonical/lenovo legion y7000p 2019 firmware
- canonical/lenovo legion y7000 2019
- canonical/lenovo legion y7000-2019 firmware
- canonical/lenovo s14 g2 itl
- canonical/lenovo s14 g2 itl firmware
- canonical/lenovo s145-14igm firmware
- canonical/lenovo s145-14api
- canonical/lenovo s145-14ast
- canonical/lenovo s145-14iil firmware
- canonical/lenovo s145-15api firmware
- canonical/lenovo s145-15ast firmware
- canonical/lenovo s145-15igm
- canonical/lenovo s145
- canonical/lenovo s145-15iil
- canonical/lenovo s145-15iil firmware
- canonical/lenovo s540-13api
- canonical/lenovo s540-13api firmware
- canonical/lenovo s540-13iml
- canonical/lenovo s540-13itl
- canonical/lenovo slim 7 pro 14ihu5 firmware
- canonical/lenovo yoga slim 9-14itl05 firmware
- canonical/lenovo yoga slim 9-14itl05
- canonical/lenovo v14 g1-iml
- canonical/lenovo v14
- canonical/lenovo v14 g2 acl firmware
- canonical/lenovo v14 g2 acl
- canonical/lenovo v14 g2 itl
- canonical/lenovo v14-ada firmware
- canonical/lenovo v14-are firmware
- canonical/lenovo v14-igl firmware
- canonical/lenovo v14-iil firmware
- canonical/lenovo v140-15iwl
- canonical/lenovo v140-15iwl firmware
- canonical/lenovo v15 g1-iml firmware
- canonical/lenovo v15 g2-alc
- canonical/lenovo v15 g2 ijl
- canonical/lenovo v15 g2-itl firmware
- canonical/lenovo v15-ada firmware
- canonical/lenovo v15-igl firmware
- canonical/lenovo v15-igl
- canonical/lenovo v15-iil
- canonical/lenovo v15-iil firmware
- canonical/lenovo v17 g2 itl firmware
- canonical/lenovo v17 g2 itl
- canonical/lenovo v17-iil firmware
- canonical/lenovo v17-iil
- canonical/lenovo v340-17iwl
- canonical/lenovo v340-17iwl firmware
- canonical/lenovo yoga 7-14acn6 firmware
- canonical/lenovo yoga c740-14iml
- canonical/lenovo yoga c740-14iml firmware
- canonical/lenovo yoga c740-15iml
- canonical/lenovo yoga c740-15iml firmware
- canonical/lenovo yoga c940 firmware
- canonical/lenovo yoga slim 7 pro 14ach5 firmware
- canonical/lenovo yoga slim 7 pro-14ach5
- canonical/lenovo yoga slim 7 pro 14ach5 o firmware
- canonical/lenovo yoga slim 7 pro 14arh5 firmware
- canonical/lenovo yoga slim 7 pro
- canonical/lenovo yoga slim 7 pro 14ihu5 firmware
- canonical/lenovo yoga slim 7 pro 14itl5 firmware
- canonical/lenovo yoga slim 7 pro 14itl5
- canonical/lenovo yoga slim 9 14iap7 firmware
- canonical/lenovo slim 9 14itl05 firmware
- canonical/lenovo ideapad 3 14iil05 firmware
- canonical/lenovo ideapad 3-14igl05 firmware
- canonical/lenovo ideapad 3-14iml05
- canonical/lenovo ideapad 3-14itl6 firmware
- canonical/lenovo ideapad 3-14itl6
- canonical/lenovo ideapad 3-15iil05 firmware
- canonical/lenovo ideapad 3 15iil05
- canonical/lenovo l3 15iml05 firmware
- canonical/lenovo ideapad 3-15itl05
- canonical/lenovo ideapad 3-15iml05
- canonical/lenovo ideapad 3 17iml05 firmware
- canonical/lenovo ideapad 3 17iml05
- canonical/lenovo ideapad 5-14are05 firmware
- canonical/lenovo ideapad 5-15are05 firmware
- canonical/lenovo ideapad 5-15iil05
- canonical/lenovo ideapad creator 5-15imh05 firmware
- canonical/lenovo ideapad gaming 3-15arh05
- canonical/lenovo ideapad gaming 3-15arh05 firmware
- canonical/lenovo ideapad gaming 3-15imh05
- canonical/lenovo ideapad gaming 3-15imh05 firmware