7.2
CVE-2021-4212
- EPSS 0.11%
- Published 22.04.2022 21:15:10
- Last modified 21.11.2024 06:37:09
- Source psirt@lenovo.com
- Teams watchlist Login
- Open Login
A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Data is provided by the National Vulnerability Database (NVD)
Lenovo ≫ C340-14iml Firmware Version-
Lenovo ≫ C340-15iml Firmware Version-
Lenovo ≫ D330-10igm Firmware Version-
Lenovo ≫ Duet 3-10igl5 Firmware Version-
Lenovo ≫ E41-50 Firmware Version-
Lenovo ≫ Flex-14iml Firmware Version-
Lenovo ≫ Flex-15iml Firmware Version-
Lenovo ≫ Ideapad 3-14are05 Firmware Version-
Lenovo ≫ Ideapad 3-15are05 Firmware Version-
Lenovo ≫ Ideapad 3-17are05 Firmware Version-
Lenovo ≫ Ideapad 5-14alc05 Firmware Version-
Lenovo ≫ Ideapad 5-14are05 Firmware Version-
Lenovo ≫ Ideapad 5-15itl05 Firmware Version-
Lenovo ≫ Ideapad 5 Pro-14acn6 Firmware Version-
Lenovo ≫ Ideapad 5 Pro-14itl6 Firmware Version-
Lenovo ≫ Ideapad 5 Pro-16ihu6 Firmware Version-
Lenovo ≫ Ideapad Creator 5-15imh05 Firmware Version-
Lenovo ≫ Ideapad Gaming 3-15ach6 Firmware Version-
Lenovo ≫ Ideapad Gaming 3-15arh05 Firmware Version-
Lenovo ≫ Ideapad Gaming 3-15imh05 Firmware Version-
Lenovo ≫ L340-15irh Firmware Version-
Lenovo ≫ L340-15iwl Firmware Version-
Lenovo ≫ L340-15iwl Touch Firmware Version-
Lenovo ≫ L340-17irh Firmware Version-
Lenovo ≫ L340-17iwl Firmware Version-
Lenovo ≫ Legion Y540-15irh Firmware Version-
Lenovo ≫ Legion Y540-15irh-pg0 Firmware Version-
Lenovo ≫ Legion Y540-17irh Firmware Version-
Lenovo ≫ Legion Y540-17irh-pg0 Firmware Version-
Lenovo ≫ Legion Y545 Firmware Version-
Lenovo ≫ Legion Y545-pg0 Firmware Version-
Lenovo ≫ Legion Y7000-2019 Firmware Version-
Lenovo ≫ Legion Y7000-2019-pg0 Firmware Version-
Lenovo ≫ S340-13iml Firmware Version-
Lenovo ≫ S340-14api Firmware Version-
Lenovo ≫ S340-14iml Firmware Version-
Lenovo ≫ S340-15api Firmware Version-
Lenovo ≫ S340-15api Touch Firmware Version-
Lenovo ≫ S340-15iml Firmware Version-
Lenovo ≫ S540-14iml Firmware Version-
Lenovo ≫ S540-14iml Touch Firmware Version-
Lenovo ≫ S540-15iml Firmware Version-
Lenovo ≫ Slim 7-14are05 Firmware Version-
Lenovo ≫ Slim 7-14itl05 Firmware Version-
Lenovo ≫ Slim 7-15iil05 Firmware Version-
Lenovo ≫ Slim 7-15imh05 Firmware Version-
Lenovo ≫ Slim 7-15itl05 Firmware Version-
Lenovo ≫ Thinkbook 13x Itg Firmware Version-
Lenovo ≫ Thinkbook 14 G3 Itl Firmware Version-
Lenovo ≫ Thinkbook Plus G2 Itg Firmware Version-
Lenovo ≫ V14-are Firmware Version-
Lenovo ≫ V140-15iwl Firmware Version-
Lenovo ≫ V340-17iwl Firmware Version-
Lenovo ≫ Yoga 6-13alc6 Firmware Version-
Lenovo ≫ Yoga Creator 7-15imh05 Firmware Version-
Lenovo ≫ Yoga Slim 7-14are05 Firmware Version-
Lenovo ≫ Yoga Slim 7-14iil05 Firmware Version-
Lenovo ≫ Yoga Slim 7-14itl05 Firmware Version-
Lenovo ≫ Yoga Slim 7-15iil05 Firmware Version-
Lenovo ≫ Yoga Slim 7-15imh05 Firmware Version-
Lenovo ≫ Yoga Slim 7-15itl05 Firmware Version-
Lenovo ≫ Yoga Slim 7 Carbon 13itl5 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.3 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| psirt@lenovo.com | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.