CVE-2021-4211
MEDIUMLenovo Desktop/ThinkStation/ThinkEdge - Local Privilege Escalation
Title source: llmDescription
A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.lenovo.com/us/en/product_security/LEN-77639
Scores
CVSS v3
6.7
EPSS
0.0004
EPSS Percentile
12.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (50)
lenovo/a340-22icb_firmware
lenovo/a340-22ick_firmware
lenovo/a340-24icb_firmware
lenovo/a340-24ick_firmware
lenovo/a540-24icb_firmware
lenovo/a540-27icb_firmware
lenovo/ideacentre_5-14iob6_firmware
lenovo/ideacentre_510s-07icb_firmware
lenovo/ideacentre_510s-07ick_firmware
lenovo/ideacentre_aio_3-22ada6_firmware
... and 40 more
Published
Apr 22, 2022
Tracked Since
Feb 18, 2026