PT-2022-2320 · Lenovo · Lenovo Notebook

Published

2022-04-18

Updated

2022-05-06

CVE-2021-3972

CVSS v2.0

6.8

Medium

Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Lenovo Notebook devices (affected versions not specified)

Description A potential issue with a driver used in the manufacturing process of some Lenovo Notebook devices' BIOS may allow an attacker with elevated privileges to modify secure boot settings by changing an NVRAM variable. This could potentially enable an attacker to run malicious drivers and applications during boot.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-489CWE-264

Related Identifiers

BDU:2022-02510

CVE-2021-3972

Affected Products

Lenovo Notebook

PT-2022-2320 · Lenovo · Lenovo Notebook

CVE-2021-3972

Weakness Enumeration

Related Identifiers

Affected Products

References · 13