Home » Technology » Vulnerabilities In BIOS: Lenovo releases new firmware for many notebooks

Vulnerabilities In BIOS: Lenovo releases new firmware for many notebooks

Lenovo has issued a security advisory for three vulnerabilities in its UEFI firmware, which reportedly affect more than 70 of the manufacturer’s notebooks. The security experts at ESET Lenovo drew attention to these security vulnerabilities some time ago and the first updates are now available.

The latest security advisory report”Lenovo Notebook BIOS Vulnerabilities” lists the three security vulnerabilities CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892 and therefore recommends affected users to immediately update the UEFI firmware of their notebooks.

Vulnerabilities threaten more than 70 models

A List of over 70 affected models and the corresponding firmware has already been published by the manufacturer through its support. The vulnerabilities allow attackers, even locally, to execute malicious code in the boot phase when the system is started, such as the website Born .’s IT and Windows Blog reported first. Numerous Yoga, ThinkPad, IdeaPad, and Legion series notebooks can be attacked through their weaknesses.

  • CVE-2022-1890: The ReadyBootDxe driver of some Lenovo notebook products has detected a buffer overflow that could allow an attacker with local privileges to execute arbitrary code.
  • CVE-2022-1891: A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo notebook products could allow an attacker with local privileges to execute arbitrary code.
  • CVE-2022-1892: A buffer overflow in the SystemBootManagerDxe driver in some Lenovo notebook products could allow an attacker with local privileges to execute arbitrary code.

The corresponding updates to the UEFI firmware of the affected models are linked directly through Lenovo’s security report. ESET’s security experts provide more background information on the three security gaps via Twitter.

Nicole Craig

Media coordinator and junior editor at Research Snipers RS-NEWS, I studied mass communication and interested technology business, I have 3 years experience in the media industry.

1 thought on “Vulnerabilities In BIOS: Lenovo releases new firmware for many notebooks

  1. Pingback: Lenovo releases new firmware for a lot of notebooks – Analysis Snipers - Lab Techy

Leave a Reply