CVE-2021-3453 MEDIUM

CVE-2021-3453

Vendor Lenovo
Product BIOS
Weakness CWE-693
Published July 16, 2021
Last update December 16, 2025

CVSS base score

6.8/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

Key dates

02Disclosure timeline

July 16, 2021 CVE published
December 16, 2025 Record updated