CVE-2021-3453
Summary
| CVE | CVE-2021-3453 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-07-16 21:15:00 UTC |
| Updated | 2021-07-30 12:41:00 UTC |
| Description | Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Lenovo | 730s-13iml | - | All | All | All |
| Operating System | Lenovo | 730s-13iml Firmware | - | All | All | All |
| Hardware | Lenovo | Ideacentre Aio 5-24imb05 | - | All | All | All |
| Operating System | Lenovo | Ideacentre Aio 5-24imb05 Firmware | All | All | All | All |
| Hardware | Lenovo | Ideacentre Aio 5-74imb05 | - | All | All | All |
| Operating System | Lenovo | Ideacentre Aio 5-74imb05 Firmware | All | All | All | All |
| Hardware | Lenovo | Ideapad 1-11igl05 | - | All | All | All |
| Operating System | Lenovo | Ideapad 1-11igl05 Firmware | - | All | All | All |
| Hardware | Lenovo | Ideapad 1-14igl05 | - | All | All | All |
| Operating System | Lenovo | Ideapad 1-14igl05 Firmware | - | All | All | All |
| Hardware | Lenovo | Ideapad S940-14iil | - | All | All | All |
| Operating System | Lenovo | Ideapad S940-14iil Firmware | - | All | All | All |
| Hardware | Lenovo | Ideapad S940-14iwl | - | All | All | All |
| Operating System | Lenovo | Ideapad S940-14iwl Firmware | - | All | All | All |
| Hardware | Lenovo | Ideapad Slim 1-11ast-05 | - | All | All | All |
| Operating System | Lenovo | Ideapad Slim 1-11ast-05 Firmware | - | All | All | All |
| Hardware | Lenovo | Ideapad Slim 1-14ast-05 | - | All | All | All |
| Operating System | Lenovo | Ideapad Slim 1-14ast-05 Firmware | - | All | All | All |
| Hardware | Lenovo | Thinkpad Helix | - | All | All | All |
| Operating System | Lenovo | Thinkpad Helix Firmware | n17etb4w | All | All | All |
| Hardware | Lenovo | Thinkpad T550 | - | All | All | All |
| Operating System | Lenovo | Thinkpad T550 Firmware | n11et53w | All | All | All |
| Hardware | Lenovo | Thinkpad W550s | - | All | All | All |
| Operating System | Lenovo | Thinkpad W550s Firmware | n11et53w | All | All | All |
| Hardware | Lenovo | Thinkpad X1 Carbon 3rd Gen | - | All | All | All |
| Operating System | Lenovo | Thinkpad X1 Carbon 3rd Gen Firmware | n14et55w | All | All | All |
| Hardware | Lenovo | Thinkpad X250 | - | All | All | All |
| Operating System | Lenovo | Thinkpad X250 Firmware | n10et62w | All | All | All |
| Hardware | Lenovo | Thinkpad Yoga 15 | - | All | All | All |
| Operating System | Lenovo | Thinkpad Yoga 15 Firmware | n19et65w | All | All | All |
| Hardware | Lenovo | V130-15igm | - | All | All | All |
| Operating System | Lenovo | V130-15igm Firmware | - | All | All | All |
| Hardware | Lenovo | V330-15ikb | - | All | All | All |
| Operating System | Lenovo | V330-15ikb Firmware | - | All | All | All |
| Hardware | Lenovo | V330-15isk | - | All | All | All |
| Operating System | Lenovo | V330-15isk Firmware | - | All | All | All |
| Hardware | Lenovo | Yoga S730-13iml | - | All | All | All |
| Operating System | Lenovo | Yoga S730-13iml Firmware | - | All | All | All |
| Hardware | Lenovo | Yoga S940-14iil | - | All | All | All |
| Operating System | Lenovo | Yoga S940-14iil Firmware | - | All | All | All |
| Hardware | Lenovo | Yoga S940-14iwl | - | All | All | All |
| Operating System | Lenovo | Yoga S940-14iwl Firmware | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Lenovo BIOS Vulnerabilities (July 2021) - Lenovo Support US | MISC | support.lenovo.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Lenovo thanks Binarly efiXplorer team for reporting these issues.
There are currently no legacy QID mappings associated with this CVE.