CVE-2021-4210

EPSS 0.11%
Published 22.04.2022 21:15:09
Last modified 21.11.2024 06:37:09
Source psirt@lenovo.com
Teams watchlist Login
Open Login

A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Lenovo ≫ Stadia Ggp-120 Firmware Version-

Lenovo ≫ Stadia Ggp-120 Version-

Lenovo ≫ Thinkedge Se30 Firmware Version-

Lenovo ≫ Thinkedge Se30 Version-

Lenovo ≫ V540-24iwl Firmware Version-

Lenovo ≫ V540-24iwl Version-

Lenovo ≫ Thinkstation P520 Firmware Version-

Lenovo ≫ Thinkstation P520 Version-

Lenovo ≫ Thinkstation P310 Firmware Version-

Lenovo ≫ Thinkstation P310 Version-

Lenovo ≫ V50t-13imb Firmware Version-

Lenovo ≫ V50t-13imb Version-

Lenovo ≫ Thinkstation P520c Firmware Version-

Lenovo ≫ Thinkstation P520c Version-

Lenovo ≫ A540-27icb Firmware Version-

Lenovo ≫ A540-27icb Version-

Lenovo ≫ A540-24icb Firmware Version-

Lenovo ≫ A540-24icb Version-

Lenovo ≫ Ideacentre G5-14imb05 Firmware Version-

Lenovo ≫ Ideacentre G5-14imb05 Version-

Lenovo ≫ V410z Firmware Version-

Lenovo ≫ V410z Version-

Lenovo ≫ Thinkcentre M910z Firmware Version-

Lenovo ≫ Thinkcentre M910z Version-

Lenovo ≫ Thinkcentre M70a Firmware Version-

Lenovo ≫ Thinkcentre M70a Version-

Lenovo ≫ Thinkcentre M75n Firmware Version-

Lenovo ≫ Thinkcentre M75n Version-

Lenovo ≫ Thinkcentre X1 Firmware Version-

Lenovo ≫ Thinkcentre X1 Version-

Lenovo ≫ Thinkcentre M900 Firmware Version-

Lenovo ≫ Thinkcentre M900 Version-

Lenovo ≫ Thinkcentre M810z Firmware Version-

Lenovo ≫ Thinkcentre M810z Version-

Lenovo ≫ Thinkcentre M90a Gen2 Firmware Version-

Lenovo ≫ Thinkcentre M90a Gen2 Version-

Lenovo ≫ Thinkcentre M820z Firmware Version-

Lenovo ≫ Thinkcentre M820z Version-

Lenovo ≫ Ideacentre Aio 3-27itl6 Firmware Version-

Lenovo ≫ Ideacentre Aio 3-27itl6 Version-

Lenovo ≫ Ideacentre Aio 3-24itl6 Firmware Version-

Lenovo ≫ Ideacentre Aio 3-24itl6 Version-

Lenovo ≫ Thinkcentre M900x Firmware Version-

Lenovo ≫ Thinkcentre M900x Version-

Lenovo ≫ Thinkcentre M800 Firmware Version-

Lenovo ≫ Thinkcentre M800 Version-

Lenovo ≫ Ideacentre Aio 3-24iil5 Firmware Version-

Lenovo ≫ Ideacentre Aio 3-24iil5 Version-

Lenovo ≫ Thinkcentre M700 Firmware Version-

Lenovo ≫ Thinkcentre M700 Version-

Lenovo ≫ Thinkcentre M700 Tiny Firmware Version-

Lenovo ≫ Thinkcentre M700 Tiny Version-

Lenovo ≫ Ideacentre Aio 3-24ada6 Firmware Version-

Lenovo ≫ Ideacentre Aio 3-24ada6 Version-

Lenovo ≫ Ideacentre Aio 3-22itl6 Firmware Version-

Lenovo ≫ Ideacentre Aio 3-22itl6 Version-

Lenovo ≫ Ideacentre Aio 3-22iil5 Firmware Version-

Lenovo ≫ Ideacentre Aio 3-22iil5 Version-

Lenovo ≫ Ideacentre Aio 3-22ada6 Firmware Version-

Lenovo ≫ Ideacentre Aio 3-22ada6 Version-

Lenovo ≫ Ideacentre 5-14imb05 Firmware Version-

Lenovo ≫ Ideacentre 5-14imb05 Version-

Lenovo ≫ Ideacentre C5-14imb05 Firmware Version-

Lenovo ≫ Ideacentre C5-14imb05 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.3

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
psirt@lenovo.com	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://support.lenovo.com/us/en/product_security/LEN-77639

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-4210

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-4210

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-4210

EUVD