Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

Metrics

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00048.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Lenovo Subscribe
730s-13iml Subscribe
730s-13iml Firmware Subscribe
Ideacentre Aio 5-24imb05 Subscribe
Ideacentre Aio 5-24imb05 Firmware Subscribe
Ideacentre Aio 5-74imb05 Subscribe
Ideacentre Aio 5-74imb05 Firmware Subscribe
Ideapad 1-11igl05 Subscribe
Ideapad 1-11igl05 Firmware Subscribe
Ideapad 1-14igl05 Subscribe
Ideapad 1-14igl05 Firmware Subscribe
Ideapad S940-14iil Subscribe
Ideapad S940-14iil Firmware Subscribe
Ideapad S940-14iwl Subscribe
Ideapad S940-14iwl Firmware Subscribe
Ideapad Slim 1-11ast-05 Subscribe
Ideapad Slim 1-11ast-05 Firmware Subscribe
Ideapad Slim 1-14ast-05 Subscribe
Ideapad Slim 1-14ast-05 Firmware Subscribe
Thinkpad Helix Subscribe
Thinkpad Helix Firmware Subscribe
Thinkpad T550 Subscribe
Thinkpad T550 Firmware Subscribe
Thinkpad W550s Subscribe
Thinkpad W550s Firmware Subscribe
Thinkpad X1 Carbon 3rd Gen Subscribe
Thinkpad X1 Carbon 3rd Gen Firmware Subscribe
Thinkpad X250 Subscribe
Thinkpad X250 Firmware Subscribe
Thinkpad Yoga 15 Subscribe
Thinkpad Yoga 15 Firmware Subscribe
V130-15igm Subscribe
V130-15igm Firmware Subscribe
V330-15ikb Subscribe
V330-15ikb Firmware Subscribe
V330-15isk Subscribe
V330-15isk Firmware Subscribe
Yoga S730-13iml Subscribe
Yoga S730-13iml Firmware Subscribe
Yoga S940-14iil Subscribe
Yoga S940-14iil Firmware Subscribe
Yoga S940-14iwl Subscribe
Yoga S940-14iwl Firmware Subscribe

Configuration 1 [-]

AND
cpe:2.3:o:lenovo:thinkpad_helix_firmware:n17etb4w:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_helix:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:lenovo:thinkpad_t550_firmware:n11et53w:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_t550:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:lenovo:thinkpad_w550s_firmware:n11et53w:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_w550s:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x1_carbon_3rd_gen_firmware:n14et55w:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x1_carbon_3rd_gen:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:lenovo:thinkpad_x250_firmware:n10et62w:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_x250:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:lenovo:thinkpad_yoga_15_firmware:n19et65w:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkpad_yoga_15:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:lenovo:730s-13iml_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:730s-13iml:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:lenovo:ideapad_1-11igl05_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideapad_1-11igl05:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:lenovo:ideapad_1-14igl05_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideapad_1-14igl05:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:lenovo:ideapad_s940-14iil_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideapad_s940-14iil:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:lenovo:ideapad_s940-14iwl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideapad_s940-14iwl:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:lenovo:ideapad_slim_1-11ast-05_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideapad_slim_1-11ast-05:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:lenovo:ideapad_slim_1-14ast-05_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideapad_slim_1-14ast-05:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:lenovo:v130-15igm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:v130-15igm:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:lenovo:v330-15ikb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:v330-15ikb:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:lenovo:v330-15isk_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:v330-15isk:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:lenovo:yoga_s730-13iml_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:yoga_s730-13iml:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:lenovo:yoga_s940-14iil_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:yoga_s940-14iil:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:lenovo:yoga_s940-14iwl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:yoga_s940-14iwl:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:lenovo:ideacentre_aio_5-24imb05_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideacentre_aio_5-24imb05:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:lenovo:ideacentre_aio_5-74imb05_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:ideacentre_aio_5-74imb05:-:*:*:*:*:*:*:*

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2021-26776 Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.
Fixes

Solution

Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529.

Workaround

No workaround given by the vendor.

References
Link Providers
https://support.lenovo.com/us/en/product_security/LEN-65529 cve-icon cve-icon
History

Tue, 16 Dec 2025 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2025-12-16T17:56:22.882Z

Reserved: 2021-03-19T00:00:00.000Z

Link: CVE-2021-3453

cve-icon Vulnrichment

Updated: 2024-08-03T16:53:17.675Z

cve-icon NVD

Status : Modified

Published: 2021-07-16T21:15:10.683

Modified: 2024-11-21T06:21:34.380

Link: CVE-2021-3453

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses