CVE-2021-4210
MEDIUMLenovo Desktop/ThinkStation/ThinkEdge - Local Privilege Escalation
Title source: llmDescription
A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://support.lenovo.com/us/en/product_security/LEN-77639
Scores
CVSS v3
6.7
EPSS
0.0004
EPSS Percentile
12.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (32)
lenovo/a540-24icb_firmware
lenovo/a540-27icb_firmware
lenovo/ideacentre_5-14imb05_firmware
lenovo/ideacentre_aio_3-22ada6_firmware
lenovo/ideacentre_aio_3-22iil5_firmware
lenovo/ideacentre_aio_3-22itl6_firmware
lenovo/ideacentre_aio_3-24ada6_firmware
lenovo/ideacentre_aio_3-24iil5_firmware
lenovo/ideacentre_aio_3-24itl6_firmware
lenovo/ideacentre_aio_3-27itl6_firmware
... and 22 more
Published
Apr 22, 2022
Tracked Since
Feb 18, 2026