7.2
CWE
20
Advisory Published
Updated

CVE-2021-4212: Input Validation

First published: Fri Apr 22 2022(Updated: )

A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
Lenovo C340-14iml Firmware
Lenovo C340-14iml
Lenovo C340-15iml Firmware
Lenovo C340-15iml
Lenovo D330-10igm Firmware
Lenovo D330-10igm
Lenovo Duet 3-10igl5 Firmware
Lenovo Duet 3-10igl5
Lenovo E41-50 Firmware
Lenovo E41-50
Lenovo Flex-14iml Firmware
Lenovo Flex-14iml
Lenovo Flex-15iml Firmware
Lenovo Flex-15iml
Lenovo Ideapad 3-14are05 Firmware
Lenovo Ideapad 3-14are05
Lenovo Ideapad 3-15are05 Firmware
Lenovo Ideapad 3-15are05
Lenovo Ideapad 3-17are05 Firmware
Lenovo Ideapad 3-17are05
Lenovo Ideapad 5-14alc05 Firmware
Lenovo Ideapad 5-14alc05
Lenovo Ideapad 5-14are05 Firmware
Lenovo Ideapad 5-14are05
Lenovo Ideapad 5-15itl05 Firmware
Lenovo Ideapad 5-15itl05
Lenovo Ideapad 5 Pro-14acn6 Firmware
Lenovo Ideapad 5 Pro-14acn6
Lenovo Ideapad 5 Pro-14itl6 Firmware
Lenovo Ideapad 5 Pro-14itl6
Lenovo Ideapad 5 Pro-16ihu6 Firmware
Lenovo Ideapad 5 Pro-16ihu6
Lenovo Ideapad Creator 5-15imh05 Firmware
Lenovo Ideapad Creator 5-15imh05
Lenovo Ideapad Gaming 3-15ach6 Firmware
Lenovo Ideapad Gaming 3-15ach6
Lenovo Ideapad Gaming 3-15arh05 Firmware
Lenovo Ideapad Gaming 3-15arh05
Lenovo Ideapad Gaming 3-15imh05 Firmware
Lenovo Ideapad Gaming 3-15imh05
Lenovo L340-15irh Firmware
Lenovo L340-15irh
Lenovo L340-15iwl Firmware
Lenovo L340-15iwl
Lenovo L340-15iwl Touch Firmware
Lenovo L340-15iwl Touch
Lenovo L340-17irh Firmware
Lenovo L340-17irh
Lenovo L340-17iwl Firmware
Lenovo L340-17iwl
Lenovo Legion Y540-15irh Firmware
Lenovo Legion Y540-15irh
Lenovo Legion Y540-15irh-pg0 Firmware
Lenovo Legion Y540-15irh-pg0
Lenovo Legion Y540-17irh Firmware
Lenovo Legion Y540-17irh
Lenovo Legion Y540-17irh-pg0 Firmware
Lenovo Legion Y540-17irh-pg0
Lenovo Legion Y545 Firmware
Lenovo Legion Y545
Lenovo Legion Y545-pg0 Firmware
Lenovo Legion Y545-pg0
Lenovo Legion Y7000-2019 Firmware
Lenovo Legion Y7000-2019
Lenovo Legion Y7000-2019-pg0 Firmware
Lenovo Legion Y7000-2019-pg0
Lenovo S340-13iml Firmware
Lenovo S340-13iml
Lenovo S340-14api Firmware
Lenovo S340-14api
Lenovo S340-14iml Firmware
Lenovo S340-14iml
Lenovo S340-15api Firmware
Lenovo S340-15api
Lenovo S340-15api Touch Firmware
Lenovo S340-15api Touch
Lenovo S340-15iml Firmware
Lenovo S340-15iml
Lenovo S540-14iml Firmware
Lenovo S540-14iml
Lenovo S540-14iml Touch Firmware
Lenovo S540-14iml Touch
Lenovo S540-15iml Firmware
Lenovo S540-15iml
Lenovo Slim 7-14are05 Firmware
Lenovo Slim 7-14are05
Lenovo Slim 7-14itl05 Firmware
Lenovo Slim 7-14itl05
Lenovo Slim 7-15iil05 Firmware
Lenovo Slim 7-15iil05
Lenovo Slim 7-15imh05 Firmware
Lenovo Slim 7-15imh05
Lenovo Slim 7-15itl05 Firmware
Lenovo Slim 7-15itl05
Lenovo Thinkbook 13x Itg Firmware
Lenovo Thinkbook 13x Itg
Lenovo Thinkbook 14 G3 Itl Firmware
Lenovo Thinkbook 14 G3 Itl
Lenovo Thinkbook Plus G2 Itg Firmware
Lenovo Thinkbook Plus G2 Itg
Lenovo V14-are Firmware
Lenovo V14-are
Lenovo V140-15iwl Firmware
Lenovo V140-15iwl
Lenovo V340-17iwl Firmware
Lenovo V340-17iwl
Lenovo Yoga 6-13alc6 Firmware
Lenovo Yoga 6-13alc6
Lenovo Yoga Creator 7-15imh05 Firmware
Lenovo Yoga Creator 7-15imh05
Lenovo Yoga Slim 7-14are05 Firmware
Lenovo Yoga Slim 7-14are05
Lenovo Yoga Slim 7-14iil05 Firmware
Lenovo Yoga Slim 7-14iil05
Lenovo Yoga Slim 7-14itl05 Firmware
Lenovo Yoga Slim 7-14itl05
Lenovo Yoga Slim 7-15iil05 Firmware
Lenovo Yoga Slim 7-15iil05
Lenovo Yoga Slim 7-15imh05 Firmware
Lenovo Yoga Slim 7-15imh05
Lenovo Yoga Slim 7-15itl05 Firmware
Lenovo Yoga Slim 7-15itl05
Lenovo Yoga Slim 7 Carbon 13itl5 Firmware
Lenovo Yoga Slim 7 Carbon 13itl5

Remedy

Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-77639.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203