CVE-2021-3970

Name of the Vulnerable Software and Affected Versions Lenovo Notebook models BIOS (affected versions not specified)

Description The issue is related to insufficient validation in the LenovoVariable SMI Handler, which may allow an attacker with local access and elevated privileges to execute arbitrary code. This vulnerability can be exploited by passing a physical address of a specially crafted buffer as a parameter to the SMI handler, potentially enabling the attacker to elevate their privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.