Input validation error in Lenovo products - CVE-2021-4212
Published: April 14, 2022
Vulnerability identifier: #VU62320
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-4212
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
ideapad C340-14IML
ideapad C340-15IML
ideapad D330-10IGM
ideapad Duet 3-10IGL5
Lenovo E41-50
ideapad FLEX-14IML
ideapad FLEX-15IML
IdeaPad 3-14ARE05
IdeaPad 3-15ARE05
IdeaPad 3-17ARE05
Ideapad 5-15ITL05
ideapad L340-15IRH Gaming
ideapad L340-15IWL
ideapad L340-15IWL Touch
ideapad L340-17IRH Gaming
ideapad L340-17IWL
Lenovo Legion Y540-15IRH
Lenovo Legion Y540-15IRH-PG0
Lenovo Legion Y540-17IRH
Lenovo Legion Y540-17IRH-PG0
Lenovo Legion Y545
Lenovo Legion Y545-PG0
Lenovo Legion Y7000-2019
Lenovo Legion Y7000-2019-PG0
ideapad S340-13IML
ideapad S340-14API
ideapad S340-14IML
ideapad S340-15API
ideapad S340-15API Touch
ideapad S340-15IML
ideapad S340-15IML Touch
ideapad S540-14IML
ideapad S540-14IML Touch
ideapad S540-15IL
ideapad Slim 7-14ARE05
ideapad Slim 7-14IIL05
ideapad Slim 7-14ITL05
ideapad Slim 7-15IIL05
ideapad Slim 7-15IMH05
ideapad Slim 7-15ITL05
ThinkBook 13x ITG
ThinkBook 14 G3 ITL
ThinkBook Plus G2 ITG
Lenovo V14-ARE
V140-15IWL
Lenovo V340-17IWL
ideapad Yoga 6-13ALC6
ideapad Yoga Creator 7-15IMH05
ideapad Yoga Slim 7 Carbon 13ITL5
ideapad Yoga Slim 7-13ITL05
ideapad Yoga Slim 7-14ARE05
ideapad Yoga Slim 7-14IIL05
ideapad Yoga Slim 7-14ITL05
ideapad Yoga Slim 7-15IIL05
ideapad Yoga Slim 7-15IMH05
ideapad Yoga Slim 7-15ITL05
ideapad 5 Pro-14ACN6
ideapad 5 Pro-14ITL6
ideapad 5 Pro-16IHU6
ideapad 5-14ALC05
ideapad 5-14ARE05
ideapad Creator 5-15IMH05
ideapad Gaming 3-15ACH6
ideapad Gaming 3-15ARH05
ideapad Gaming 3-15IMH05
Software vendor:
Lenovo
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in the SMI callback function within the Legacy BIOS mode driver. A local user can execute arbitrary code with elevated privileges.
Remediation
Install updates from the vendor's website.