Vulnerabilities In BIOS: Lenovo releases new firmware for many notebooks

Lenovo has issued a security advisory for three vulnerabilities in its UEFI firmware, which reportedly affect more than 70 of the manufacturer’s notebooks. Security experts at ESET drew Lenovo’s attention to these vulnerabilities some time ago, and the first updates are now available.

The latest security advisory, “Lenovo Notebook BIOS Vulnerabilities”, lists the three security vulnerabilities CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892 and recommends that affected users immediately update the UEFI firmware of their notebooks.

Vulnerabilities threaten more than 70 models

A list of over 70 affected models and the corresponding firmware has already been published by the manufacturer through its support site. The vulnerabilities allow attackers, even with only local access, to execute malicious code in the boot phase when the system is started, as the website Born’s IT and Windows Blog first reported. Numerous Yoga, ThinkPad, IdeaPad, and Legion series notebooks can be attacked through these weaknesses.

  • CVE-2022-1890: A buffer overflow in the ReadyBootDxe driver in some Lenovo notebook products could allow an attacker with local privileges to execute arbitrary code.
  • CVE-2022-1891: A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo notebook products could allow an attacker with local privileges to execute arbitrary code.
  • CVE-2022-1892: A buffer overflow in the SystemBootManagerDxe driver in some Lenovo notebook products could allow an attacker with local privileges to execute arbitrary code.

The corresponding updates to the UEFI firmware of the affected models are linked directly through Lenovo’s security report. ESET’s security experts provide more background information on the three security gaps via Twitter.