CVE-2021-4211

Published: Apr 22, 2022Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected (53)

53 products

Ideacentre 5 14iob6 Firmware

Ideacentre 510s 07icb Firmware

Ideacentre 510s 07ick Firmware

Ideacentre Aio 3 22ada6 Firmware

Ideacentre Aio 3 22iil5 Firmware

Ideacentre Aio 3 22itl6 Firmware

Ideacentre Aio 3 24ada6 Firmware

Ideacentre Aio 3 24iil5 Firmware

Ideacentre Aio 3 24itl6 Firmware

Ideacentre Aio 3 27itl6 Firmware

Ideacentre Creator 5 14iob6 Firmware

Ideacentre Gaming 5 14iob6 Firmware

Se30 Firmware

Thinkcentre M600 Firmware

Thinkcentre M700 Tiny Firmware

Thinkcentre M70a Firmware

Thinkcentre M710e Firmware

Thinkcentre M710q Firmware

Thinkcentre M710q (10yc) Firmware

Thinkcentre M710s Firmware

Thinkcentre M710t Firmware

Thinkcentre M720e Firmware

Thinkcentre M75n Firmware

Thinkcentre M800 Firmware

Thinkcentre M810z Firmware

Thinkcentre M820z Firmware

Thinkcentre M900 Firmware

Thinkcentre M900x Firmware

Thinkcentre M90a (gen 2) Firmware

Thinkcentre M910q Firmware

Thinkcentre M910s Firmware

Thinkcentre M910t Firmware

Thinkcentre M910x Firmware

Thinkstation P310 Firmware

Thinkstation P320 Firmware

Thinkstation P320 Tiny Firmware

V30a 22iml Firmware

V30a 24iml Firmware

V410z Firmware

V50t 13iob G2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo A340 22icb Firmware	All versions

Running on/with	Platform Versions
Lenovo A340 22icb	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo A340 22ick Firmware	All versions

Running on/with	Platform Versions
Lenovo A340 22ick	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo A340 24icb Firmware	All versions

Running on/with	Platform Versions
Lenovo A340 24icb	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo A340 24ick Firmware	All versions

Running on/with	Platform Versions
Lenovo A340 24ick	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo A540 24icb Firmware	All versions

Running on/with	Platform Versions
Lenovo A540 24icb	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo A540 27icb Firmware	All versions

Running on/with	Platform Versions
Lenovo A540 27icb	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre 5 14iob6 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre 5 14iob6	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre 510s 07icb Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre 510s 07icb	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre 510s 07ick Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre 510s 07ick	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Aio 3 22ada6 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre Aio 3 22ada6	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Aio 3 22iil5 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre Aio 3 22iil5	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Aio 3 22itl6 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre Aio 3 22itl6	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Aio 3 24ada6 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre Aio 3 24ada6	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Aio 3 24iil5 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre Aio 3 24iil5	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Aio 3 24itl6 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre Aio 3 24itl6	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Aio 3 27itl6 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre Aio 3 27itl6	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Creator 5 14iob6 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre Creator 5 14iob6	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Gaming 5 14iob6 Firmware	All versions

Running on/with	Platform Versions
Lenovo Ideacentre Gaming 5 14iob6	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Se30 Firmware	All versions

Running on/with	Platform Versions
Lenovo Se30	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M600 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M600	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M700 Tiny Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M700 Tiny	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M70a Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M70a	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M710e Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M710e	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M710q Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M710q	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M710q (10yc) Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M710q (10yc)	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M710s Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M710s	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M710t Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M710t	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M720e Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M720e	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M75n Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M75n	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M800 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M800	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M810z Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M810z	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M820z Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M820z	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M900 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M900	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M900x Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M900x	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M90a (gen 2) Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M90a (gen 2)	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M910q Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M910q	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M910s Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M910s	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M910t Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M910t	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M910x Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkcentre M910x	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P310 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkstation P310	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P320 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkstation P320	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P320 Tiny Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkstation P320 Tiny	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V30a 22iml Firmware	All versions

Running on/with	Platform Versions
Lenovo V30a 22iml	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V30a 24iml Firmware	All versions

Running on/with	Platform Versions
Lenovo V30a 24iml	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V410z Firmware	All versions

Running on/with	Platform Versions
Lenovo V410z	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V50t 13iob G2 Firmware	All versions

Running on/with	Platform Versions
Lenovo V50t 13iob G2	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V520 Firmware	All versions

Running on/with	Platform Versions
Lenovo V520	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V520s Firmware	All versions

Running on/with	Platform Versions
Lenovo V520s	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V530 15icb Firmware	All versions

Running on/with	Platform Versions
Lenovo V530 15icb	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V530 15icr Firmware	All versions

Running on/with	Platform Versions
Lenovo V530 15icr	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V530s 07icb Firmware	All versions

Running on/with	Platform Versions
Lenovo V530s 07icb	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V530s 07icr Firmware	All versions

Running on/with	Platform Versions
Lenovo V530s 07icr	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V540 24iwl Firmware	All versions

Running on/with	Platform Versions
Lenovo V540 24iwl	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://support.lenovo.com/us/en/product_security/LEN-77639

Source: psirt@lenovo.com

Vendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-77639

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.