First published: Fri Apr 22 2022(Updated: )
A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
Lenovo c340-14iml | ||
Lenovo c340-14iml firmware | ||
Lenovo c340-15iml | ||
Lenovo c340-15iml firmware | ||
Lenovo d330-10igm | ||
Lenovo d330-10igm | ||
Lenovo Ideapad Duet 3 10IGL5 Firmware | ||
Lenovo Ideapad Duet 3 10IGL5 | ||
Lenovo E41-50 | ||
Lenovo E41-50 | ||
Lenovo Flex 14IML Firmware | ||
Lenovo Flex 14IML | ||
Lenovo Flex 15IML Firmware | ||
Lenovo Flex 15IML Firmware | ||
Lenovo IdeaPad 3-14ARE05 Firmware | ||
Lenovo IdeaPad 3-14ARE05 Firmware | ||
Lenovo Ideapad 3-15ARE05 Firmware | ||
Lenovo Ideapad 3-15are05 firmware | ||
Lenovo Ideapad 3-17are05 | ||
Lenovo Ideapad 3 | ||
Lenovo Ideapad Flex 5-14ALC05 Firmware | ||
Lenovo Ideapad Flex 5-14ALC05 Firmware | ||
Lenovo Ideapad 5-14are05 firmware | ||
Lenovo Ideapad 5-14are05 firmware | ||
Lenovo Ideapad 5-15itl05 | ||
Lenovo Ideapad 5-15itl05 Firmware | ||
Lenovo Ideapad 5 Pro-14ACN6 Firmware | ||
Lenovo ideapad 5 pro-14acn6 firmware | ||
Lenovo Ideapad 5 Pro 14ITL6 Firmware | ||
Lenovo ideapad 5 pro-14acn6 firmware | ||
Lenovo Ideapad 5 Pro-16ihu6 Firmware | ||
Lenovo Ideapad 5 Pro-16ihu6 Firmware | ||
Lenovo Ideapad Creator 5-15imh05 Firmware | ||
Lenovo Ideapad Creator 5-15imh05 Firmware | ||
Lenovo Ideapad Gaming 3-15ACH6 | ||
Lenovo Ideapad Gaming 3-15ACH6 Firmware | ||
Lenovo Ideapad Gaming 3-15ARH05 | ||
Lenovo Ideapad Gaming 3-15ARH05 Firmware | ||
Lenovo Ideapad Gaming 3-15IMH05 | ||
Lenovo Ideapad Gaming 3-15IMH05 Firmware | ||
Lenovo L340-15IRH | ||
Lenovo L340-15IRH Firmware | ||
Lenovo L340-15IWl Touch Firmware | ||
Lenovo L340-15IWL Touch | ||
Lenovo L340-15IWL Touch Firmware | ||
Lenovo L340-15IWL | ||
Lenovo L340-17IRH Firmware | ||
Lenovo L340-17IRH Firmware | ||
Lenovo L340-17IWL | ||
Lenovo L340-17IWL Firmware | ||
Lenovo Legion Y540 | ||
Lenovo Legion Y540-15IRH Firmware | ||
Lenovo Legion Y540-15IRH Firmware | ||
Lenovo Legion Y540-15IRH | ||
Lenovo Legion Y540-17IRH | ||
Lenovo Legion Y540 | ||
Lenovo Legion Y540-17IRH Firmware | ||
Lenovo Legion Y540-17IRH-PG0 Firmware | ||
Lenovo Legion Y545 Firmware | ||
Lenovo Legion Y545 PG0 | ||
Lenovo Legion Y545 Firmware | ||
Lenovo Legion Y545 | ||
Lenovo Legion Y7000P 2019 Firmware | ||
Lenovo Legion Y7000 2019 | ||
Lenovo Legion Y7000-2019 Firmware | ||
Lenovo Legion Y7000 2019 | ||
Lenovo S340-13IML Firmware | ||
Lenovo S340-13IML Firmware | ||
Lenovo s340-14api | ||
Lenovo s340-14api firmware | ||
Lenovo s340-14iml firmware | ||
Lenovo s340-14IML | ||
Lenovo S340-15API Touch Firmware | ||
Lenovo S340-15API | ||
Lenovo s340-15iwl touch firmware | ||
Lenovo S340-15API Touch Firmware | ||
Lenovo s340-15iml firmware | ||
Lenovo s340-15iml firmware | ||
Lenovo S540-14IML Firmware | ||
Lenovo s540-14api | ||
Lenovo s540-14iwl touch firmware | ||
Lenovo S540-14IML Touch Firmware | ||
Lenovo s540-15iml | ||
Lenovo s540-15iml firmware | ||
Lenovo Slim 7-14ARE05 | ||
Lenovo Slim 7 | ||
Lenovo Slim 7-14ITL05 | ||
Lenovo Ideapad Slim 7-14ITL05 Firmware | ||
Lenovo Ideapad Slim 7-15iil05 Firmware | ||
Lenovo Slim 7-15iil05 Firmware | ||
Lenovo Slim 7-15IMH05 | ||
Lenovo Yoga Slim 7-15IMH05 | ||
Lenovo Slim 7-15ITL05 Firmware | ||
Lenovo Slim 7 15ITL05 | ||
Lenovo ThinkBook 13x ITG Firmware | ||
Lenovo ThinkBook 13x ITG Firmware | ||
Lenovo Thinkbook 14 G3 ITL Firmware | ||
Lenovo Thinkbook 14 G3 ITL Firmware | ||
Lenovo ThinkBook Plus G2 ITG Firmware | ||
Lenovo ThinkBook Plus G2 ITG Firmware | ||
Lenovo v14-are firmware | ||
Lenovo v14-are firmware | ||
Lenovo v140-15iwl | ||
Lenovo v140-15iwl firmware | ||
Lenovo v340-17iwl | ||
Lenovo v340-17iwl firmware | ||
Lenovo Yoga 6-13ALC6 | ||
Lenovo Yoga 6-13ALC6 Firmware | ||
Lenovo Yoga Creator 7-15IMH05 | ||
Lenovo Yoga Creator 7-15IMH05 Firmware | ||
Lenovo Yoga Slim 7 14ARE05 | ||
Lenovo Yoga Slim 7 14ARE05 | ||
Lenovo Ideapad Slim 7-14IIL05 Firmware | ||
Lenovo Yoga Slim 7 | ||
Lenovo Yoga Slim 7 Pro 14ITL5 Firmware | ||
Lenovo Yoga Slim 7-14ITL05 Firmware | ||
Lenovo Yoga Slim 7 15IIL05 Firmware | ||
Lenovo Slim 7-15iil05 Firmware | ||
Lenovo Slim 7-15IMH05 | ||
Lenovo Yoga Slim 7-15IMH05 | ||
Lenovo Slim 7-15ITL05 Firmware | ||
Lenovo Yoga Slim 7 15ITL05 | ||
Lenovo Yoga Slim 7 Carbon 13ITL5 | ||
Lenovo Yoga Slim 7 Carbon 13ITL5 Firmware |
Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-77639.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-4212 is classified as a potential security vulnerability allowing local attackers to execute arbitrary code.
To fix CVE-2021-4212, apply the latest firmware updates released by Lenovo for the affected devices.
CVE-2021-4212 affects multiple Lenovo notebook models that utilize the SMI callback function in Legacy BIOS mode.
An attacker must have local access and elevated privileges on the affected device to exploit CVE-2021-4212.
Exploiting CVE-2021-4212 could allow an attacker to execute arbitrary code, potentially compromising the integrity of the system.