CVE-2021-3970

CVSS 6.7 · Medium EPSS 0.36% · P58 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-3970

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

输入验证不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

Lenovo Notebook 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Lenovo Notebook是中国联想（Lenovo）公司的联想的一款笔记本电脑。 Lenovo Notebook存在输入验证错误漏洞，该漏洞的存在是由于对 LenovoVariable SMI 处理程序中用户提供的输入的验证不充分。本地用户可以运行特制程序以提升权限执行任意代码。该漏洞允许本地用户提升系统的权限。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Lenovo	Notebook BIOS	various	-

II. Public POCs for CVE-2021-3970

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-3970

请登录查看更多情报信息。

Same Patch Batch · Lenovo · 2022-04-22 · 15 CVEs total

CVE-2021-3897	9.8 CRITICAL	Lenovo Fan Power Controller2 授权问题漏洞
CVE-2021-3849	9.8 CRITICAL	Lenovo Fan Power Controller2和Lenovo System Management Module 授权问题漏洞
CVE-2022-0354	7.3 HIGH	Lenovo Vantage代码注入漏洞
CVE-2022-0192	7.3 HIGH	Lenovo PCManager 代码问题漏洞
CVE-2022-1108	6.7 MEDIUM	Lenovo ThinkPad 缓冲区错误漏洞
CVE-2022-1107	6.7 MEDIUM	Lenovo ThinkPad 权限许可和访问控制问题漏洞
CVE-2021-4212	6.7 MEDIUM	Lenovo Notebook 输入验证错误漏洞
CVE-2021-4211	6.7 MEDIUM	Intel Processors 输入验证错误漏洞
CVE-2021-4210	6.7 MEDIUM	Intel Processors 安全漏洞
CVE-2021-3972	6.7 MEDIUM	Lenovo Notebook 安全漏洞
CVE-2021-3971	6.7 MEDIUM	Lenovo Notebook 安全漏洞
CVE-2021-3721	5.5 MEDIUM	Lenovo Pcmanager 缓冲区错误漏洞
CVE-2022-0636	5.0 MEDIUM	Lenovo Thin Installer 输入验证错误漏洞
CVE-2021-3722	5.0 MEDIUM	Lenovo Pcmanager 安全漏洞

IV. Related Vulnerabilities

Same product: Notebook BIOS

Same vendor: Lenovo

Same weakness: CWE-20

V. Comments for CVE-2021-3970

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-3970

I. Basic Information for CVE-2021-3970

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-3970

III. Intelligence Information for CVE-2021-3970

Same Patch Batch · Lenovo · 2022-04-22 · 15 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-3970

Leave a comment