Lucene search

[email protected]CVE-2021-4210

HistoryApr 22, 2022 - 9:15 p.m.

CVE-2021-4210

2022-04-2221:15:09

CWE-20

[email protected]

web.nvd.nist.gov

cve-2021-4210

lenovo

smi callback function

nvme driver

vulnerability

local access

elevated privileges

arbitrary code

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected configurations

NVD

Node

lenovostadia_ggp-120_firmwareMatch-

AND

lenovostadia_ggp-120Match-

Node

lenovothinkedge_se30_firmwareMatch-

AND

lenovothinkedge_se30Match-

Node

lenovov540-24iwl_firmwareMatch-

AND

lenovov540-24iwlMatch-

Node

lenovothinkstation_p520_firmwareMatch-

AND

lenovothinkstation_p520Match-

Node

lenovothinkstation_p310_firmwareMatch-

AND

lenovothinkstation_p310Match-

Node

lenovov50t-13imb_firmwareMatch-

AND

lenovov50t-13imbMatch-

Node

lenovothinkstation_p520c_firmwareMatch-

AND

lenovothinkstation_p520cMatch-

Node

lenovoa540-27icb_firmwareMatch-

AND

lenovoa540-27icbMatch-

Node

lenovoa540-24icb_firmwareMatch-

AND

lenovoa540-24icbMatch-

Node

lenovoideacentre_g5-14imb05_firmwareMatch-

AND

lenovoideacentre_g5-14imb05Match-

Node

lenovov410z_firmwareMatch-

AND

lenovov410zMatch-

Node

lenovothinkcentre_m910z_firmwareMatch-

AND

lenovothinkcentre_m910zMatch-

Node

lenovothinkcentre_m70a_firmwareMatch-

AND

lenovothinkcentre_m70aMatch-

Node

lenovothinkcentre_m75n_firmwareMatch-

AND

lenovothinkcentre_m75nMatch-

Node

lenovothinkcentre_x1_firmwareMatch-

AND

lenovothinkcentre_x1Match-

Node

lenovothinkcentre_m900_firmwareMatch-

AND

lenovothinkcentre_m900Match-

Node

lenovothinkcentre_m810z_firmwareMatch-

AND

lenovothinkcentre_m810zMatch-

Node

lenovothinkcentre_m90a_gen2_firmwareMatch-

AND

lenovothinkcentre_m90a_gen2Match-

Node

lenovothinkcentre_m820z_firmwareMatch-

AND

lenovothinkcentre_m820zMatch-

Node

lenovoideacentre_aio_3-27itl6_firmwareMatch-

AND

lenovoideacentre_aio_3-27itl6Match-

Node

lenovoideacentre_aio_3-24itl6_firmwareMatch-

AND

lenovoideacentre_aio_3-24itl6Match-

Node

lenovothinkcentre_m900x_firmwareMatch-

AND

lenovothinkcentre_m900xMatch-

Node

lenovothinkcentre_m800_firmwareMatch-

AND

lenovothinkcentre_m800Match-

Node

lenovoideacentre_aio_3-24iil5_firmwareMatch-

AND

lenovoideacentre_aio_3-24iil5Match-

Node

lenovothinkcentre_m700_firmwareMatch-

AND

lenovothinkcentre_m700Match-

Node

lenovothinkcentre_m700_tiny_firmwareMatch-

AND

lenovothinkcentre_m700_tinyMatch-

Node

lenovoideacentre_aio_3-24ada6_firmwareMatch-

AND

lenovoideacentre_aio_3-24ada6Match-

Node

lenovoideacentre_aio_3-22itl6_firmwareMatch-

AND

lenovoideacentre_aio_3-22itl6Match-

Node

lenovoideacentre_aio_3-22iil5_firmwareMatch-

AND

lenovoideacentre_aio_3-22iil5Match-

Node

lenovoideacentre_aio_3-22ada6_firmwareMatch-

AND

lenovoideacentre_aio_3-22ada6Match-

Node

lenovoideacentre_5-14imb05_firmwareMatch-

AND

lenovoideacentre_5-14imb05Match-

Node

lenovoideacentre_c5-14imb05_firmwareMatch-

AND

lenovoideacentre_c5-14imb05Match-

CPENameOperatorVersion
lenovo:stadia_ggp-120_firmwarelenovo stadia ggp-120 firmwareeq-

CPE	Name	Operator	Version
lenovo:stadia_ggp-120_firmware	lenovo stadia ggp-120 firmware	eq	-

CNA Affected

[
  {
    "product": "BIOS",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-77639

Social References

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2021-4210

prion1 cvelist1 nvd1