CVE-2021-4211

Home/CVE/A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, Think

CVE

A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, Think

A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

MEDIUM · CVSS 6.7 EPSS 0.0004

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-20Improper Input Validation

▤

Affected Products & Versions

lenovo a340-22icb firmwareall versions
lenovo a340-22ick firmwareall versions
lenovo a340-24icb firmwareall versions
lenovo a340-24ick firmwareall versions
lenovo a540-24icb firmwareall versions
lenovo a540-27icb firmwareall versions
lenovo ideacentre 5-14iob6 firmwareall versions
lenovo ideacentre 510s-07icb firmwareall versions
Show all 53 affected productslenovo ideacentre 510s-07ick firmwareall versions
lenovo ideacentre aio 3-22ada6 firmwareall versions
lenovo ideacentre aio 3-22iil5 firmwareall versions
lenovo ideacentre aio 3-22itl6 firmwareall versions
lenovo ideacentre aio 3-24ada6 firmwareall versions
lenovo ideacentre aio 3-24iil5 firmwareall versions
lenovo ideacentre aio 3-24itl6 firmwareall versions
lenovo ideacentre aio 3-27itl6 firmwareall versions
lenovo ideacentre creator 5-14iob6 firmwareall versions
lenovo ideacentre gaming 5-14iob6 firmwareall versions
lenovo se30 firmwareall versions
lenovo thinkcentre m600 firmwareall versions
lenovo thinkcentre m700 tiny firmwareall versions
lenovo thinkcentre m70a firmwareall versions
lenovo thinkcentre m710e firmwareall versions
lenovo thinkcentre m710q firmwareall versions
lenovo thinkcentre m710q \(10yc\) firmwareall versions
lenovo thinkcentre m710s firmwareall versions
lenovo thinkcentre m710t firmwareall versions
lenovo thinkcentre m720e firmwareall versions
lenovo thinkcentre m75n firmwareall versions
lenovo thinkcentre m800 firmwareall versions
lenovo thinkcentre m810z firmwareall versions
lenovo thinkcentre m820z firmwareall versions
lenovo thinkcentre m900 firmwareall versions
lenovo thinkcentre m900x firmwareall versions
lenovo thinkcentre m90a \(gen 2\) firmwareall versions
lenovo thinkcentre m910q firmwareall versions
lenovo thinkcentre m910s firmwareall versions
lenovo thinkcentre m910t firmwareall versions
lenovo thinkcentre m910x firmwareall versions
lenovo thinkstation p310 firmwareall versions
lenovo thinkstation p320 firmwareall versions
lenovo thinkstation p320 tiny firmwareall versions
lenovo v30a-22iml firmwareall versions
lenovo v30a-24iml firmwareall versions
lenovo v410z firmwareall versions
lenovo v50t-13iob g2 firmwareall versions
lenovo v520 firmwareall versions
lenovo v520s firmwareall versions
lenovo v530-15icb firmwareall versions
lenovo v530-15icr firmwareall versions
lenovo v530s-07icb firmwareall versions
lenovo v530s-07icr firmwareall versions
lenovo v540-24iwl firmwareall versions

▣

Scoring & Timeline

6.7

MEDIUM · CVSS v3.1 · psirt@lenovo.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD22 Apr 2022 · 09:15 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://support.lenovo.com/us/en/product_security/LEN-77639Vendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin