Vulnerability Description
A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Stadia Ggp-120 Firmware | - |
| Lenovo | Stadia Ggp-120 | - |
| Lenovo | Thinkedge Se30 Firmware | - |
| Lenovo | Thinkedge Se30 | - |
| Lenovo | V540-24Iwl Firmware | - |
| Lenovo | V540-24Iwl | - |
| Lenovo | Thinkstation P520 Firmware | - |
| Lenovo | Thinkstation P520 | - |
| Lenovo | Thinkstation P310 Firmware | - |
| Lenovo | Thinkstation P310 | - |
| Lenovo | V50T-13Imb Firmware | - |
| Lenovo | V50T-13Imb | - |
| Lenovo | Thinkstation P520C Firmware | - |
| Lenovo | Thinkstation P520C | - |
| Lenovo | A540-27Icb Firmware | - |
| Lenovo | A540-27Icb | - |
| Lenovo | A540-24Icb Firmware | - |
| Lenovo | A540-24Icb | - |
| Lenovo | Ideacentre G5-14Imb05 Firmware | - |
| Lenovo | Ideacentre G5-14Imb05 | - |
Related Weaknesses (CWE)
References
- https://support.lenovo.com/us/en/product_security/LEN-77639PatchVendor Advisory
- https://support.lenovo.com/us/en/product_security/LEN-77639PatchVendor Advisory
FAQ
What is CVE-2021-4210?
CVE-2021-4210 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privilege...
How severe is CVE-2021-4210?
CVE-2021-4210 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-4210?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Stadia Ggp-120 Firmware, Lenovo Stadia Ggp-120, Lenovo Thinkedge Se30 Firmware, Lenovo Thinkedge Se30, Lenovo V540-24Iwl Firmware.