high
7.2
CWE
20
Advisory Published
Updated

CVE-2021-4212: Input Validation

First published: Fri Apr 22 2022(Updated: )

A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
Lenovo c340-14iml
Lenovo c340-14iml firmware
Lenovo c340-15iml
Lenovo c340-15iml firmware
Lenovo d330-10igm
Lenovo d330-10igm
Lenovo Ideapad Duet 3 10IGL5 Firmware
Lenovo Ideapad Duet 3 10IGL5
Lenovo E41-50
Lenovo E41-50
Lenovo Flex 14IML Firmware
Lenovo Flex 14IML
Lenovo Flex 15IML Firmware
Lenovo Flex 15IML Firmware
Lenovo IdeaPad 3-14ARE05 Firmware
Lenovo IdeaPad 3-14ARE05 Firmware
Lenovo Ideapad 3-15ARE05 Firmware
Lenovo Ideapad 3-15are05 firmware
Lenovo Ideapad 3-17are05
Lenovo Ideapad 3
Lenovo Ideapad Flex 5-14ALC05 Firmware
Lenovo Ideapad Flex 5-14ALC05 Firmware
Lenovo Ideapad 5-14are05 firmware
Lenovo Ideapad 5-14are05 firmware
Lenovo Ideapad 5-15itl05
Lenovo Ideapad 5-15itl05 Firmware
Lenovo Ideapad 5 Pro-14ACN6 Firmware
Lenovo ideapad 5 pro-14acn6 firmware
Lenovo Ideapad 5 Pro 14ITL6 Firmware
Lenovo ideapad 5 pro-14acn6 firmware
Lenovo Ideapad 5 Pro-16ihu6 Firmware
Lenovo Ideapad 5 Pro-16ihu6 Firmware
Lenovo Ideapad Creator 5-15imh05 Firmware
Lenovo Ideapad Creator 5-15imh05 Firmware
Lenovo Ideapad Gaming 3-15ACH6
Lenovo Ideapad Gaming 3-15ACH6 Firmware
Lenovo Ideapad Gaming 3-15ARH05
Lenovo Ideapad Gaming 3-15ARH05 Firmware
Lenovo Ideapad Gaming 3-15IMH05
Lenovo Ideapad Gaming 3-15IMH05 Firmware
Lenovo L340-15IRH
Lenovo L340-15IRH Firmware
Lenovo L340-15IWl Touch Firmware
Lenovo L340-15IWL Touch
Lenovo L340-15IWL Touch Firmware
Lenovo L340-15IWL
Lenovo L340-17IRH Firmware
Lenovo L340-17IRH Firmware
Lenovo L340-17IWL
Lenovo L340-17IWL Firmware
Lenovo Legion Y540
Lenovo Legion Y540-15IRH Firmware
Lenovo Legion Y540-15IRH Firmware
Lenovo Legion Y540-15IRH
Lenovo Legion Y540-17IRH
Lenovo Legion Y540
Lenovo Legion Y540-17IRH Firmware
Lenovo Legion Y540-17IRH-PG0 Firmware
Lenovo Legion Y545 Firmware
Lenovo Legion Y545 PG0
Lenovo Legion Y545 Firmware
Lenovo Legion Y545
Lenovo Legion Y7000P 2019 Firmware
Lenovo Legion Y7000 2019
Lenovo Legion Y7000-2019 Firmware
Lenovo Legion Y7000 2019
Lenovo S340-13IML Firmware
Lenovo S340-13IML Firmware
Lenovo s340-14api
Lenovo s340-14api firmware
Lenovo s340-14iml firmware
Lenovo s340-14IML
Lenovo S340-15API Touch Firmware
Lenovo S340-15API
Lenovo s340-15iwl touch firmware
Lenovo S340-15API Touch Firmware
Lenovo s340-15iml firmware
Lenovo s340-15iml firmware
Lenovo S540-14IML Firmware
Lenovo s540-14api
Lenovo s540-14iwl touch firmware
Lenovo S540-14IML Touch Firmware
Lenovo s540-15iml
Lenovo s540-15iml firmware
Lenovo Slim 7-14ARE05
Lenovo Slim 7
Lenovo Slim 7-14ITL05
Lenovo Ideapad Slim 7-14ITL05 Firmware
Lenovo Ideapad Slim 7-15iil05 Firmware
Lenovo Slim 7-15iil05 Firmware
Lenovo Slim 7-15IMH05
Lenovo Yoga Slim 7-15IMH05
Lenovo Slim 7-15ITL05 Firmware
Lenovo Slim 7 15ITL05
Lenovo ThinkBook 13x ITG Firmware
Lenovo ThinkBook 13x ITG Firmware
Lenovo Thinkbook 14 G3 ITL Firmware
Lenovo Thinkbook 14 G3 ITL Firmware
Lenovo ThinkBook Plus G2 ITG Firmware
Lenovo ThinkBook Plus G2 ITG Firmware
Lenovo v14-are firmware
Lenovo v14-are firmware
Lenovo v140-15iwl
Lenovo v140-15iwl firmware
Lenovo v340-17iwl
Lenovo v340-17iwl firmware
Lenovo Yoga 6-13ALC6
Lenovo Yoga 6-13ALC6 Firmware
Lenovo Yoga Creator 7-15IMH05
Lenovo Yoga Creator 7-15IMH05 Firmware
Lenovo Yoga Slim 7 14ARE05
Lenovo Yoga Slim 7 14ARE05
Lenovo Ideapad Slim 7-14IIL05 Firmware
Lenovo Yoga Slim 7
Lenovo Yoga Slim 7 Pro 14ITL5 Firmware
Lenovo Yoga Slim 7-14ITL05 Firmware
Lenovo Yoga Slim 7 15IIL05 Firmware
Lenovo Slim 7-15iil05 Firmware
Lenovo Slim 7-15IMH05
Lenovo Yoga Slim 7-15IMH05
Lenovo Slim 7-15ITL05 Firmware
Lenovo Yoga Slim 7 15ITL05
Lenovo Yoga Slim 7 Carbon 13ITL5
Lenovo Yoga Slim 7 Carbon 13ITL5 Firmware

Remedy

https://support.lenovo.com/us/en/product_security/LEN-77639

Remedy

Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-77639.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-4212?

    CVE-2021-4212 is classified as a potential security vulnerability allowing local attackers to execute arbitrary code.

  • How do I fix CVE-2021-4212?

    To fix CVE-2021-4212, apply the latest firmware updates released by Lenovo for the affected devices.

  • Which devices are affected by CVE-2021-4212?

    CVE-2021-4212 affects multiple Lenovo notebook models that utilize the SMI callback function in Legacy BIOS mode.

  • What type of access is required to exploit CVE-2021-4212?

    An attacker must have local access and elevated privileges on the affected device to exploit CVE-2021-4212.

  • What could be the impact of CVE-2021-4212 if exploited?

    Exploiting CVE-2021-4212 could allow an attacker to execute arbitrary code, potentially compromising the integrity of the system.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203