BIOS Image Vulnerability in Lenovo Notebook Devices Allows Unauthorized Firmware Modification

BIOS Image Vulnerability in Lenovo Notebook Devices Allows Unauthorized Firmware Modification

CVE-2021-3971 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable.

Learn more about our Cis Benchmark Audit For Apple Ios.