CVE-2021-4210

Published: Apr 22, 2022Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected (32)

Lenovo

32 products

Stadia Ggp 120 Firmware

Thinkedge Se30 Firmware

V540 24iwl Firmware

Thinkstation P520 Firmware

Thinkstation P310 Firmware

V50t 13imb Firmware

Thinkstation P520c Firmware

A540 27icb Firmware

A540 24icb Firmware

Ideacentre G5 14imb05 Firmware

V410z Firmware

Thinkcentre M910z Firmware

Thinkcentre M70a Firmware

Thinkcentre M75n Firmware

Thinkcentre X1 Firmware

Thinkcentre M900 Firmware

Thinkcentre M810z Firmware

Thinkcentre M90a Gen2 Firmware

Thinkcentre M820z Firmware

Ideacentre Aio 3 27itl6 Firmware

Ideacentre Aio 3 24itl6 Firmware

Thinkcentre M900x Firmware

Thinkcentre M800 Firmware

Ideacentre Aio 3 24iil5 Firmware

Thinkcentre M700 Firmware

Thinkcentre M700 Tiny Firmware

Ideacentre Aio 3 24ada6 Firmware

Ideacentre Aio 3 22itl6 Firmware

Ideacentre Aio 3 22iil5 Firmware

Ideacentre Aio 3 22ada6 Firmware

Ideacentre 5 14imb05 Firmware

Ideacentre C5 14imb05 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Stadia Ggp 120 Firmware	All versions

Running on/with	Platform Versions
Lenovo Stadia Ggp 120	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkedge Se30 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkedge Se30	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V540 24iwl Firmware	All versions

Running on/with	Platform Versions
Lenovo V540 24iwl	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P520 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkstation P520	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P310 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkstation P310	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V50t 13imb Firmware	All versions

Running on/with	Platform Versions
Lenovo V50t 13imb	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P520c Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkstation P520c	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo A540 27icb Firmware	All versions

Running on/with	Platform Versions
Lenovo A540 27icb	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo A540 24icb Firmware	All versions

Running on/with	Platform Versions
Lenovo A540 24icb	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre G5 14imb05 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre G5 14imb05	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V410z Firmware	All versions

Running on/with	Platform Versions
Lenovo V410z	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M910z Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M910z	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M70a Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M70a	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M75n Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M75n	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre X1 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre X1	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M900 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M900	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M810z Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M810z	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M90a Gen2 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M90a Gen2	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M820z Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M820z	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Aio 3 27itl6 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre Aio 3 27itl6	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Aio 3 24itl6 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre Aio 3 24itl6	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M900x Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M900x	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M800 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M800	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Aio 3 24iil5 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre Aio 3 24iil5	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M700 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M700	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M700 Tiny Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M700 Tiny	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Aio 3 24ada6 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre Aio 3 24ada6	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Aio 3 22itl6 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre Aio 3 22itl6	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Aio 3 22iil5 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre Aio 3 22iil5	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Aio 3 22ada6 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre Aio 3 22ada6	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre 5 14imb05 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre 5 14imb05	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre C5 14imb05 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre C5 14imb05	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://support.lenovo.com/us/en/product_security/LEN-77639

Source: psirt@lenovo.com

PatchVendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-77639

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.