Lucene search

[email protected]CVE-2021-4212

HistoryApr 22, 2022 - 9:15 p.m.

CVE-2021-4212

2022-04-2221:15:10

CWE-20

[email protected]

web.nvd.nist.gov

cve-2021-4212

vulnerability

smi callback function

legacy bios

lenovo notebook

arbitrary code execution

local access

elevated privileges

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected configurations

NVD

Node

lenovoc340-14iml_firmwareMatch-

AND

lenovoc340-14imlMatch-

Node

lenovoc340-15iml_firmwareMatch-

AND

lenovoc340-15imlMatch-

Node

lenovod330-10igm_firmwareMatch-

AND

lenovod330-10igmMatch-

Node

lenovoduet_3-10igl5_firmwareMatch-

AND

lenovoduet_3-10igl5Match-

Node

lenovoe41-50_firmwareMatch-

AND

lenovoe41-50Match-

Node

lenovoflex-14iml_firmwareMatch-

AND

lenovoflex-14imlMatch-

Node

lenovoflex-15iml_firmwareMatch-

AND

lenovoflex-15imlMatch-

Node

lenovoideapad_3-14are05_firmwareMatch-

AND

lenovoideapad_3-14are05Match-

Node

lenovoideapad_3-15are05_firmwareMatch-

AND

lenovoideapad_3-15are05Match-

Node

lenovoideapad_3-17are05_firmwareMatch-

AND

lenovoideapad_3-17are05Match-

Node

lenovoideapad_5-14alc05_firmwareMatch-

AND

lenovoideapad_5-14alc05Match-

Node

lenovoideapad_5-14are05_firmwareMatch-

AND

lenovoideapad_5-14are05Match-

Node

lenovoideapad_5-15itl05_firmwareMatch-

AND

lenovoideapad_5-15itl05Match-

Node

lenovoideapad_5_pro-14acn6_firmwareMatch-

AND

lenovoideapad_5_pro-14acn6Match-

Node

lenovoideapad_5_pro-14itl6_firmwareMatch-

AND

lenovoideapad_5_pro-14itl6Match-

Node

lenovoideapad_5_pro-16ihu6_firmwareMatch-

AND

lenovoideapad_5_pro-16ihu6Match-

Node

lenovoideapad_creator_5-15imh05_firmwareMatch-

AND

lenovoideapad_creator_5-15imh05Match-

Node

lenovoideapad_gaming_3-15ach6_firmwareMatch-

AND

lenovoideapad_gaming_3-15ach6Match-

Node

lenovoideapad_gaming_3-15arh05_firmwareMatch-

AND

lenovoideapad_gaming_3-15arh05Match-

Node

lenovoideapad_gaming_3-15imh05_firmwareMatch-

AND

lenovoideapad_gaming_3-15imh05Match-

Node

lenovol340-15irh_firmwareMatch-

AND

lenovol340-15irhMatch-

Node

lenovol340-15iwl_firmwareMatch-

AND

lenovol340-15iwlMatch-

Node

lenovol340-15iwl_touch_firmwareMatch-

AND

lenovol340-15iwl_touchMatch-

Node

lenovol340-17irh_firmwareMatch-

AND

lenovol340-17irhMatch-

Node

lenovol340-17iwl_firmwareMatch-

AND

lenovol340-17iwlMatch-

Node

lenovolegion_y540-15irh_firmwareMatch-

AND

lenovolegion_y540-15irhMatch-

Node

lenovolegion_y540-15irh-pg0_firmwareMatch-

AND

lenovolegion_y540-15irh-pg0Match-

Node

lenovolegion_y540-17irh_firmwareMatch-

AND

lenovolegion_y540-17irhMatch-

Node

lenovolegion_y540-17irh-pg0_firmwareMatch-

AND

lenovolegion_y540-17irh-pg0Match-

Node

lenovolegion_y545_firmwareMatch-

AND

lenovolegion_y545Match-

Node

lenovolegion_y545-pg0_firmwareMatch-

AND

lenovolegion_y545-pg0Match-

Node

lenovolegion_y7000-2019_firmwareMatch-

AND

lenovolegion_y7000-2019Match-

Node

lenovolegion_y7000-2019-pg0_firmwareMatch-

AND

lenovolegion_y7000-2019-pg0Match-

Node

lenovos340-13iml_firmwareMatch-

AND

lenovos340-13imlMatch-

Node

lenovos340-14api_firmwareMatch-

AND

lenovos340-14apiMatch-

Node

lenovos340-14iml_firmwareMatch-

AND

lenovos340-14imlMatch-

Node

lenovos340-15api_firmwareMatch-

AND

lenovos340-15apiMatch-

Node

lenovos340-15api_touch_firmwareMatch-

AND

lenovos340-15api_touchMatch-

Node

lenovos340-15iml_firmwareMatch-

AND

lenovos340-15imlMatch-

Node

lenovos540-14iml_firmwareMatch-

AND

lenovos540-14imlMatch-

Node

lenovos540-14iml_touch_firmwareMatch-

AND

lenovos540-14iml_touchMatch-

Node

lenovos540-15iml_firmwareMatch-

AND

lenovos540-15imlMatch-

Node

lenovoslim_7-14are05_firmwareMatch-

AND

lenovoslim_7-14are05Match-

Node

lenovoslim_7-14itl05_firmwareMatch-

AND

lenovoslim_7-14itl05Match-

Node

lenovoslim_7-15iil05_firmwareMatch-

AND

lenovoslim_7-15iil05Match-

Node

lenovoslim_7-15imh05_firmwareMatch-

AND

lenovoslim_7-15imh05Match-

Node

lenovoslim_7-15itl05_firmwareMatch-

AND

lenovoslim_7-15itl05Match-

Node

lenovothinkbook_13x_itg_firmwareMatch-

AND

lenovothinkbook_13x_itgMatch-

Node

lenovothinkbook_14_g3_itl_firmwareMatch-

AND

lenovothinkbook_14_g3_itlMatch-

Node

lenovothinkbook_plus_g2_itg_firmwareMatch-

AND

lenovothinkbook_plus_g2_itgMatch-

Node

lenovov14-are_firmwareMatch-

AND

lenovov14-areMatch-

Node

lenovov140-15iwl_firmwareMatch-

AND

lenovov140-15iwlMatch-

Node

lenovov340-17iwl_firmwareMatch-

AND

lenovov340-17iwlMatch-

Node

lenovoyoga_6-13alc6_firmwareMatch-

AND

lenovoyoga_6-13alc6Match-

Node

lenovoyoga_creator_7-15imh05_firmwareMatch-

AND

lenovoyoga_creator_7-15imh05Match-

Node

lenovoyoga_slim_7-14are05_firmwareMatch-

AND

lenovoyoga_slim_7-14are05Match-

Node

lenovoyoga_slim_7-14iil05_firmwareMatch-

AND

lenovoyoga_slim_7-14iil05Match-

Node

lenovoyoga_slim_7-14itl05_firmwareMatch-

AND

lenovoyoga_slim_7-14itl05Match-

Node

lenovoyoga_slim_7-15iil05_firmwareMatch-

AND

lenovoyoga_slim_7-15iil05Match-

Node

lenovoyoga_slim_7-15imh05_firmwareMatch-

AND

lenovoyoga_slim_7-15imh05Match-

Node

lenovoyoga_slim_7-15itl05_firmwareMatch-

AND

lenovoyoga_slim_7-15itl05Match-

Node

lenovoyoga_slim_7_carbon_13itl5_firmwareMatch-

AND

lenovoyoga_slim_7_carbon_13itl5Match-

CPENameOperatorVersion
lenovo:c340-14iml_firmwarelenovo c340-14iml firmwareeq-

CPE	Name	Operator	Version
lenovo:c340-14iml_firmware	lenovo c340-14iml firmware	eq	-

CNA Affected

[
  {
    "product": "BIOS",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-77639

Social References

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2021-4212

prion1 nvd1 cvelist1