Vulnerability Description
A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | A340-22Icb Firmware | - |
| Lenovo | A340-22Icb | - |
| Lenovo | A340-22Ick Firmware | - |
| Lenovo | A340-22Ick | - |
| Lenovo | A340-24Icb Firmware | - |
| Lenovo | A340-24Icb | - |
| Lenovo | A340-24Ick Firmware | - |
| Lenovo | A340-24Ick | - |
| Lenovo | A540-24Icb Firmware | - |
| Lenovo | A540-24Icb | - |
| Lenovo | A540-27Icb Firmware | - |
| Lenovo | A540-27Icb | - |
| Lenovo | Ideacentre 5-14Iob6 Firmware | - |
| Lenovo | Ideacentre 5-14Iob6 | - |
| Lenovo | Ideacentre 510S-07Icb Firmware | - |
| Lenovo | Ideacentre 510S-07Icb | - |
| Lenovo | Ideacentre 510S-07Ick Firmware | - |
| Lenovo | Ideacentre 510S-07Ick | - |
| Lenovo | Ideacentre Aio 3-22Ada6 Firmware | - |
| Lenovo | Ideacentre Aio 3-22Ada6 | - |
Related Weaknesses (CWE)
References
- https://support.lenovo.com/us/en/product_security/LEN-77639Vendor Advisory
- https://support.lenovo.com/us/en/product_security/LEN-77639Vendor Advisory
FAQ
What is CVE-2021-4211?
CVE-2021-4211 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevat...
How severe is CVE-2021-4211?
CVE-2021-4211 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-4211?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo A340-22Icb Firmware, Lenovo A340-22Icb, Lenovo A340-22Ick Firmware, Lenovo A340-22Ick, Lenovo A340-24Icb Firmware.