What is CVE-2021-4212?

CVE-2021-4212 is a medium-severity vulnerability in Lenovo Bios, classified under Improper Input Validation. CVSS score: 6.7/10. Published 2022-04-22.

How severe is CVE-2021-4212?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Improper input validation in Lenovo Bios

CVE-2021-4212

A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.002 (15.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Lenovo Bios — versions various
Lenovo C340-14iml
Lenovo C340-14iml_firmware
Lenovo C340-15iml
Lenovo C340-15iml_firmware
Lenovo D330-10igm
Lenovo D330-10igm_firmware
Lenovo Duet_3-10igl5
Lenovo Duet_3-10igl5_firmware
Lenovo E41-50

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

psirt@lenovo.com (Patch, x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2021-4212?: CVE-2021-4212 is a medium-severity vulnerability in Lenovo Bios, classified under Improper Input Validation. CVSS score: 6.7/10. Published 2022-04-22.
How severe is CVE-2021-4212?: Medium severity. CVSS v3 base score is 6.7 out of 10.