Lenovo UEFI Firmware Vulnerabilities Risk Numerous Laptop Models

Heads up, Lenovo users! Your laptop might just need a major update as Lenovo addressed numerous UEFI firmware vulnerabilities with the latest release. These vulnerabilities impact over 70 different Lenovo laptop models, requiring urgent updates.

Lenovo UEFI Firmware Vulnerabilities

According to a new advisory, Lenovo has recently fixed multiple security vulnerabilities in its UEFI firmware. Specifically, they have patched three different bugs in the firmware that riddles the security of more than 70 Lenovo laptop models.

These bugs include,

  • CVE-2022-1890: buffer overflow vulnerability in the ReadyBootDxe driver. Exploiting the bug could allow an adversary to gain elevated privileges and execute arbitrary codes on the target systems.
  • CVE-2022-1891: buffer overflow vulnerability in the SystemLoadDefaultDxe driver. Exploiting this bug could lead to local privilege escalation, allowing an attacker for arbitrary code execution.
  • CVE-2022-1892: another buffer overflow vulnerability. This bug affected the SystemBootManagerDxe driver, allowing local privilege escalation and subsequent code execution to an adversary.

Lenovo has shared a detailed list of all impacted models in their advisory, which includes numerous laptops from Lenovo Flex, IdeaPad, ThinkBook, Yoga, and Yoga Slim series. Users can check out the advisory to know if their respective device models are mentioned in the list. If found, users must rush to update their device firmware with the latest patched version at the earliest.

While security updates always demand immediate attention, such bugs that affect the firmware are especially critical owing to their impact. According to ESET researchers who found these vulnerabilities in Lenovo UEFI firmware, exploiting these bugs could allow an attacker to hijack OS execution flow.

Regarding the impact of this vulnerability, ESET researchers explained in their tweet,

These vulnerabilities were caused by insufficient validation of DataSize parameter passed to the UEFI Runtime Services function GetVariable. An attacker could create a specially crafted NVRAM variable, causing buffer overflow of the Data buffer in the second GetVariable call.

They also explain that detecting such vulnerabilities is possible via the IDA plugin efiXplorer plugin as well. Although, the plugin couldn’t detect these respective flaws at the time of discovery, it can now do so to help other researchers find similar bugs quickly.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients