What is CVE-2021-4210?

CVE-2021-4210 is a medium-severity vulnerability in Lenovo A540-24icb, classified under Improper Input Validation. CVSS score: 6.7/10. Published 2022-04-22.

How severe is CVE-2021-4210?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Improper input validation in Lenovo A540-24icb

CVE-2021-4210

A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.002 (15.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Lenovo A540-24icb
Lenovo A540-24icb_firmware
Lenovo A540-27icb
Lenovo A540-27icb_firmware
Lenovo Bios — versions various
Lenovo Ideacentre_5-14imb05
Lenovo Ideacentre_5-14imb05_firmware
Lenovo Ideacentre_aio_3-22ada6
Lenovo Ideacentre_aio_3-22ada6_firmware
Lenovo Ideacentre_aio_3-22iil5

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

psirt@lenovo.com (Patch, x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2021-4210?: CVE-2021-4210 is a medium-severity vulnerability in Lenovo A540-24icb, classified under Improper Input Validation. CVSS score: 6.7/10. Published 2022-04-22.
How severe is CVE-2021-4210?: Medium severity. CVSS v3 base score is 6.7 out of 10.