high
7.2
CWE
20
Advisory Published
Updated

CVE-2021-4211: Input Validation

First published: Fri Apr 22 2022(Updated: )

A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
Lenovo A340-22ICB Firmware
Lenovo A340-22ICB Firmware
Lenovo A340
Lenovo A340
Lenovo A340-24ICB
Lenovo A340
Lenovo A340-24 IWL Firmware
Lenovo A340-24ICK Firmware
Lenovo A540-24ICB Firmware
Lenovo a540-24icb firmware
Lenovo A540-27ICB
Lenovo A540-27ICB
Lenovo Ideacentre Creator 5-14iob6 Firmware
Lenovo Ideacentre Gaming 5-14iob6 Firmware
Lenovo ideacentre 510s-07icb
Lenovo ideacentre 510s-07icb firmware
Lenovo ideacentre 510s-07ick
Lenovo ideacentre 510s-07ick firmware
Lenovo ideacentre aio 3-22ada6 firmware
Lenovo ideacentre aio 3-22ada6 firmware
Lenovo Ideacentre AIO 3-22iIL5 Firmware
Lenovo Ideacentre AIO 3-22iIL5 Firmware
Lenovo Ideacentre AIO 3-22ITL6 Firmware
Lenovo Ideacentre AIO 3-22ITL6 Firmware
Lenovo ideacentre aio 3-24ada6 firmware
Lenovo ideacentre aio 3-24ada6 firmware
Lenovo Ideacentre AIO 3 24IIL5
Lenovo Ideacentre AIO 3 24IIL5
Lenovo ideacentre aio 3-24itl6
Lenovo ideacentre aio 3-24itl6 firmware
Lenovo ideacentre aio 3-27itl6 firmware
Lenovo ideacentre aio 3-27itl6 firmware
Lenovo Ideacentre Creator 5-14iob6 Firmware
Lenovo Ideacentre Creator 5-14iob6 Firmware
Lenovo Ideacentre Creator 5-14iob6
Lenovo Ideacentre Gaming 5-14iob6 Firmware
Lenovo ThinkEdge SE30 Firmware
Lenovo SE30
Lenovo ThinkCentre M600 Firmware
Lenovo ThinkCentre M600 Firmware
Lenovo ThinkCentre M700 Tiny Firmware
Lenovo ThinkCentre M700
Lenovo ThinkCentre M70a
Lenovo ThinkCentre M70a Gen 3
Lenovo ThinkCentre M710e Firmware
Lenovo Ideacentre M710e
Lenovo Thinkcentre M710q
Lenovo Thinkcentre M710q
Lenovo Thinkcentre M710q
Lenovo Thinkcentre M710q
Lenovo ThinkCentre M710t/s Firmware
Lenovo ThinkCentre M710s Firmware
Lenovo Ideacentre M710t Firmware
Lenovo ThinkCentre M710t/s
Lenovo ThinkCentre M720e
Lenovo ThinkCentre M720e
Lenovo Thinkcentre M75n
Lenovo Thinkcentre M75n
Lenovo ThinkCentre M800 Firmware
Lenovo ThinkCentre M800 Firmware
Lenovo ThinkCentre M810z All-in-One Firmware
Lenovo ThinkCentre M810z All-in-One
Lenovo Thinkcentre M820z All-in-one
Lenovo Thinkcentre M820z All-in-one
Lenovo ThinkCentre M900 Firmware
Lenovo ThinkCentre M900 Firmware
Lenovo Thinkcentre M900x Firmware
Lenovo Thinkcentre M900x Firmware
Lenovo ThinkCentre M90a (Gen 2) Firmware
Lenovo ThinkCentre M90a (Gen 2)
Lenovo ThinkCentre M910q Firmware
Lenovo Ideacentre M910q
Lenovo ThinkCentre M910q Firmware
Lenovo ThinkCentre M910s Firmware
Lenovo Ideacentre M910t Firmware
Lenovo ThinkCentre M910t/s
Lenovo ThinkCentre M910q Firmware
Lenovo ThinkCentre M910x Firmware
Lenovo Thinkstation P310 Workstation Firmware
Lenovo Thinkstation P310 Workstation
Lenovo ThinkStation P320 Firmware
Lenovo ThinkStation P320 Workstation
Lenovo Thinkstation P320 Tiny Workstation Firmware
Lenovo Thinkstation P320 Tiny Workstation
Lenovo V30a-22iml Firmware
Lenovo V30a-22iml Firmware
Lenovo v30a-24iml
Lenovo V30a-24IML
Lenovo v410z (yt s4250)
Lenovo v410z(yt s4250) firmware
Lenovo V50t-13iob G2
Lenovo V50t-13iob
Lenovo V520
Lenovo V520 Firmware
Lenovo V520s
Lenovo V520s
Lenovo V530-15ICB
Lenovo V530
Lenovo V530-15ICR
Lenovo V530
Lenovo V530s-07ICB
Lenovo V530
Lenovo V530s-07ICB
Lenovo V530s-07ICB
Lenovo V540-24IWL All-in-One Firmware
Lenovo V540-24IWL All-in-One

Remedy

Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-77639.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-4211?

    CVE-2021-4211 has a high severity rating due to the potential for local code execution with elevated privileges.

  • How do I fix CVE-2021-4211?

    To fix CVE-2021-4211, update the affected Lenovo devices to the latest firmware version provided by Lenovo.

  • Which Lenovo models are affected by CVE-2021-4211?

    CVE-2021-4211 affects several Lenovo models, including the A340, A540, and Ideacentre series, among others.

  • Can CVE-2021-4211 be exploited remotely?

    CVE-2021-4211 cannot be exploited remotely and requires local access to the vulnerable system.

  • What type of vulnerability is CVE-2021-4211?

    CVE-2021-4211 is a local privilege escalation vulnerability in the SMI callback function of the SMBIOS event log driver.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203