CVE-2021-4212
moderate-risk
Published 2022-04-22
A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Do I need to act?
0.04% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 6.7/10
Medium
LOCAL / LOW complexity
Affected Products (20)
C340-14Iml Firmware
C340-15Iml Firmware
D330-10Igm Firmware
Duet 3-10Igl5 Firmware
E41-50 Firmware
Flex-14Iml Firmware
Flex-15Iml Firmware
Ideapad 3-14Are05 Firmware
Ideapad 3-15Are05 Firmware
Ideapad 3-17Are05 Firmware
Ideapad 5-14Alc05 Firmware
Ideapad 5-14Are05 Firmware
Ideapad 5-15Itl05 Firmware
Ideapad 5 Pro-14Acn6 Firmware
Ideapad 5 Pro-14Itl6 Firmware
Ideapad 5 Pro-16Ihu6 Firmware
Ideapad Creator 5-15Imh05 Firmware
Ideapad Gaming 3-15Ach6 Firmware
Ideapad Gaming 3-15Arh05 Firmware
Ideapad Gaming 3-15Imh05 Firmware
Affected Vendors
48 / 100
moderate-risk
Severity: 21/34 · High
Exploitability: 0/34 · Minimal
Exposure: 27/34 · High