CVE-2021-4212

Severity: MEDIUM | CVSS 6.7/10 | EPSS 0.24%

CVE-2021-4212 is a medium-severity vulnerability rated 6.7/10 on the CVSS 3.1 scale. A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code. EPSS estimates a 0.24% chance of exploitation in the next 30 days.

Description

A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Metrics

CVSS 3.1
6.7/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.24%

15.5th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Lenovo | C340-14iml Firmware | All versions
Lenovo | C340-15iml Firmware | All versions
Lenovo | D330-10igm Firmware | All versions
Lenovo | Duet 3-10igl5 Firmware | All versions
Lenovo | E41-50 Firmware | All versions
Lenovo | Flex-14iml Firmware | All versions
Lenovo | Flex-15iml Firmware | All versions
Lenovo | Ideapad 3-14are05 Firmware | All versions
Lenovo | Ideapad 3-15are05 Firmware | All versions
Lenovo | Ideapad 3-17are05 Firmware | All versions
Lenovo | Ideapad 5-14alc05 Firmware | All versions
Lenovo | Ideapad 5-14are05 Firmware | All versions
Lenovo | Ideapad 5-15itl05 Firmware | All versions
Lenovo | Ideapad 5 Pro-14acn6 Firmware | All versions
Lenovo | Ideapad 5 Pro-14itl6 Firmware | All versions
Lenovo | Ideapad 5 Pro-16ihu6 Firmware | All versions
Lenovo | Ideapad Creator 5-15imh05 Firmware | All versions
Lenovo | Ideapad Gaming 3-15ach6 Firmware | All versions
Lenovo | Ideapad Gaming 3-15arh05 Firmware | All versions
Lenovo | Ideapad Gaming 3-15imh05 Firmware | All versions
Lenovo | L340-15irh Firmware | All versions
Lenovo | L340-15iwl Firmware | All versions
Lenovo | L340-15iwl Touch Firmware | All versions
Lenovo | L340-17irh Firmware | All versions
Lenovo | L340-17iwl Firmware | All versions
Lenovo | Legion Y540-15irh Firmware | All versions
Lenovo | Legion Y540-15irh-Pg0 Firmware | All versions
Lenovo | Legion Y540-17irh Firmware | All versions
Lenovo | Legion Y540-17irh-Pg0 Firmware | All versions
Lenovo | Legion Y545 Firmware | All versions
Lenovo | Legion Y545-Pg0 Firmware | All versions
Lenovo | Legion Y7000-2019 Firmware | All versions
Lenovo | Legion Y7000-2019-Pg0 Firmware | All versions
Lenovo | S340-13iml Firmware | All versions
Lenovo | S340-14api Firmware | All versions
Lenovo | S340-14iml Firmware | All versions
Lenovo | S340-15api Firmware | All versions
Lenovo | S340-15api Touch Firmware | All versions
Lenovo | S340-15iml Firmware | All versions
Lenovo | S540-14iml Firmware | All versions
Lenovo | S540-14iml Touch Firmware | All versions
Lenovo | S540-15iml Firmware | All versions
Lenovo | Slim 7-14are05 Firmware | All versions
Lenovo | Slim 7-14itl05 Firmware | All versions
Lenovo | Slim 7-15iil05 Firmware | All versions
Lenovo | Slim 7-15imh05 Firmware | All versions
Lenovo | Slim 7-15itl05 Firmware | All versions
Lenovo | Thinkbook 13x Itg Firmware | All versions
Lenovo | Thinkbook 14 G3 Itl Firmware | All versions
Lenovo | Thinkbook Plus G2 Itg Firmware | All versions

Showing 50 of 62 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2021-4212?
A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
How severe is CVE-2021-4212?
CVE-2021-4212 has a CVSS score of 6.7/10 (MEDIUM severity). The EPSS model estimates a 0.24% probability of exploitation in the next 30 days.
How do I fix CVE-2021-4212?
Check the vendor references and advisories for patched firmware versions and mitigation guidance.

Source: NVD / NIST