{ "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2021-4212", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIOS", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo thanks Jiawei Yin(@yngweijw) and Menghao Li of IIE varas" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-77639", "name": "https://support.lenovo.com/us/en/product_security/LEN-77639" } ] }, "solution": [ { "lang": "eng", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-77639." } ], "source": { "advisory": "LEN-77639", "discovery": "UNKNOWN" } }