CVE-2021-3972

Summary

A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Affected Software

VendorProductVersion RangeStatus
LenovoNotebook BIOSvariousaffected

Weaknesses

  • CWE-489: CWE-489 Leftover Debug Code

ADP Enrichment

CVE Program Container

Additional References

References