CVE-2021-4211 : A potential vulnerability in the SMI callback function used in the SMBIOS event

A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Published 2022-04-22 21:15:10

Updated 2022-05-11 18:47:10

Source Lenovo Group Ltd.

View at NVD, CVE.org

Vulnerability category: Input validationExecute code

Products affected by CVE-2021-4211

Lenovo » Thinkcentre M600 Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m600_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M600 » Version: N/A
Lenovo » Thinkcentre M800 Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m800_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M800 » Version: N/A
Lenovo » Thinkcentre M900 Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m900_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M900 » Version: N/A
Lenovo » Thinkcentre M910q Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m910q_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M910q » Version: N/A
Lenovo » Thinkcentre M910x Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m910x_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M910x » Version: N/A
Lenovo » Thinkcentre M810z Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m810z_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M810z » Version: N/A
Lenovo » Thinkstation P310 Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkstation_p310_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkstation P310 » Version: N/A
Lenovo » Thinkstation P320 Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkstation_p320_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkstation P320 » Version: N/A
Lenovo » Thinkcentre M710e Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m710e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M710e » Version: N/A
Lenovo » Thinkcentre M710t Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m710t_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M710t » Version: N/A
Lenovo » Thinkcentre M710s Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m710s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M710s » Version: N/A
Lenovo » Thinkcentre M820z Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m820z_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M820z » Version: N/A
Lenovo » Thinkcentre M710q Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m710q_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M710q » Version: N/A
Lenovo » Thinkcentre M910t Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m910t_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M910t » Version: N/A
Lenovo » Thinkcentre M910s Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m910s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M910s » Version: N/A
Lenovo » Thinkstation P320 Tiny Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkstation_p320_tiny_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkstation P320 Tiny » Version: N/A
Lenovo » V530s-07icb Firmware » Version: N/A
cpe:2.3:o:lenovo:v530s-07icb_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » V530s-07icb » Version: N/A
Lenovo » A340-22icb Firmware » Version: N/A
cpe:2.3:o:lenovo:a340-22icb_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » A340-22icb » Version: N/A
Lenovo » A340-24icb Firmware » Version: N/A
cpe:2.3:o:lenovo:a340-24icb_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » A340-24icb » Version: N/A
Lenovo » V410z Firmware » Version: N/A
cpe:2.3:o:lenovo:v410z_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » V410z » Version: N/A
Lenovo » V540-24iwl Firmware » Version: N/A
cpe:2.3:o:lenovo:v540-24iwl_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » V540-24iwl » Version: N/A
Lenovo » Thinkcentre M700 Tiny Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m700_tiny_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M700 Tiny » Version: N/A
Lenovo » Thinkcentre M900x Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m900x_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M900x » Version: N/A
Lenovo » Ideacentre 5-14iob6 Firmware » Version: N/A
cpe:2.3:o:lenovo:ideacentre_5-14iob6_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Ideacentre 5-14iob6 » Version: N/A
Lenovo » Ideacentre Creator 5-14iob6 Firmware » Version: N/A
cpe:2.3:o:lenovo:ideacentre_creator_5-14iob6_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Ideacentre Creator 5-14iob6 » Version: N/A
Lenovo » Ideacentre Gaming 5-14iob6 Firmware » Version: N/A
cpe:2.3:o:lenovo:ideacentre_gaming_5-14iob6_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Ideacentre Gaming 5-14iob6 » Version: N/A
Lenovo » Thinkcentre M70a Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m70a_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M70a » Version: N/A
Lenovo » Thinkcentre M720e Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m720e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M720e » Version: N/A
Lenovo » Thinkcentre M75n Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m75n_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M75n » Version: N/A
Lenovo » Ideacentre 510s-07icb Firmware » Version: N/A
cpe:2.3:o:lenovo:ideacentre_510s-07icb_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Ideacentre 510s-07icb » Version: N/A
Lenovo » Ideacentre 510s-07ick Firmware » Version: N/A
cpe:2.3:o:lenovo:ideacentre_510s-07ick_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Ideacentre 510s-07ick » Version: N/A
Lenovo » V30a-22iml Firmware » Version: N/A
cpe:2.3:o:lenovo:v30a-22iml_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » V30a-22iml » Version: N/A
Lenovo » V520 Firmware » Version: N/A
cpe:2.3:o:lenovo:v520_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » V520 » Version: N/A
Lenovo » V520s Firmware » Version: N/A
cpe:2.3:o:lenovo:v520s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » V520s » Version: N/A
Lenovo » V530-15icr Firmware » Version: N/A
cpe:2.3:o:lenovo:v530-15icr_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » V530-15icr » Version: N/A
Lenovo » V530s-07icr Firmware » Version: N/A
cpe:2.3:o:lenovo:v530s-07icr_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » V530s-07icr » Version: N/A
Lenovo » A540-27icb Firmware » Version: N/A
cpe:2.3:o:lenovo:a540-27icb_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » A540-27icb » Version: N/A
Lenovo » A540-24icb Firmware » Version: N/A
cpe:2.3:o:lenovo:a540-24icb_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » A540-24icb » Version: N/A
Lenovo » Ideacentre Aio 3-27itl6 Firmware » Version: N/A
cpe:2.3:o:lenovo:ideacentre_aio_3-27itl6_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Ideacentre Aio 3-27itl6 » Version: N/A
Lenovo » Ideacentre Aio 3-24itl6 Firmware » Version: N/A
cpe:2.3:o:lenovo:ideacentre_aio_3-24itl6_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Ideacentre Aio 3-24itl6 » Version: N/A
Lenovo » Ideacentre Aio 3-24iil5 Firmware » Version: N/A
cpe:2.3:o:lenovo:ideacentre_aio_3-24iil5_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Ideacentre Aio 3-24iil5 » Version: N/A
Lenovo » Ideacentre Aio 3-24ada6 Firmware » Version: N/A
cpe:2.3:o:lenovo:ideacentre_aio_3-24ada6_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Ideacentre Aio 3-24ada6 » Version: N/A
Lenovo » Ideacentre Aio 3-22itl6 Firmware » Version: N/A
cpe:2.3:o:lenovo:ideacentre_aio_3-22itl6_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Ideacentre Aio 3-22itl6 » Version: N/A
Lenovo » Ideacentre Aio 3-22iil5 Firmware » Version: N/A
cpe:2.3:o:lenovo:ideacentre_aio_3-22iil5_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Ideacentre Aio 3-22iil5 » Version: N/A
Lenovo » Ideacentre Aio 3-22ada6 Firmware » Version: N/A
cpe:2.3:o:lenovo:ideacentre_aio_3-22ada6_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Ideacentre Aio 3-22ada6 » Version: N/A
Lenovo » A340-22ick Firmware » Version: N/A
cpe:2.3:o:lenovo:a340-22ick_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » A340-22ick » Version: N/A
Lenovo » A340-24ick Firmware » Version: N/A
cpe:2.3:o:lenovo:a340-24ick_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » A340-24ick » Version: N/A
Lenovo » Se30 Firmware » Version: N/A
cpe:2.3:o:lenovo:se30_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Se30 » Version: N/A
Lenovo » Thinkcentre M710q (10yc) Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m710q_\(10yc\)_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M710q (10yc) » Version: N/A
Lenovo » Thinkcentre M90a (gen 2) Firmware » Version: N/A
cpe:2.3:o:lenovo:thinkcentre_m90a_\(gen_2\)_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Thinkcentre M90a (gen 2) » Version: N/A
Lenovo » V30a-24iml Firmware » Version: N/A
cpe:2.3:o:lenovo:v30a-24iml_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » V30a-24iml » Version: N/A
Lenovo » V50t-13iob G2 Firmware » Version: N/A
cpe:2.3:o:lenovo:v50t-13iob_g2_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » V50t-13iob G2 » Version: N/A
Lenovo » V530-15icb Firmware » Version: N/A
cpe:2.3:o:lenovo:v530-15icb_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » V530-15icb » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-4211

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 6 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-4211

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	Lenovo Group Ltd.
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-4211

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Assigned by:
- nvd@nist.gov (Primary)
- psirt@lenovo.com (Secondary)

References for CVE-2021-4211

https://support.lenovo.com/us/en/product_security/LEN-77639

Multi-vendor BIOS Security Vulnerabilities (February 2022) - Lenovo Support US
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-4211

Products affected by CVE-2021-4211

Exploit prediction scoring system (EPSS) score for CVE-2021-4211

CVSS scores for CVE-2021-4211

CWE ids for CVE-2021-4211

References for CVE-2021-4211