New Lenovo Notebook Models Affected By UEFI Firmware Vulnerabilities

by admin 0 Comments

Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Three vulnerabilities have been discovered in the UEFI firmware of several Lenovo notebooks.

Tracked CVE-2022-3430, CVE-2022-3431 and CVE-2022-3432, the flaws have been found by security researchers at ESET and affect various Lenovo Yoga, IdeaPad and ThinkBook devices.

The first of the vulnerabilities is a flaw in the WMI Setup driver, which may allow an attacker with elevated privileges to modify secure boot settings by changing a non-volatile random access memory (NVRAM) variable.

The CVE-2022-3431 and CVE-2022-3432, on the other hand, are vulnerabilities in a driver that was mistakenly not deactivated during the manufacturing process and may also allow an attacker with elevated privileges to modify secure boot settings by changing an NVRAM variable.

“While disabling UEFI Secure Boot allows direct execution of unsigned UEFI apps, restoring factory default dbx enables the use of known vulnerable bootloaders […] to bypass Secure Boot while keeping it enabled,” the company wrote in a series of Twitter posts.

“As in our previous discovery […], current vulnerabilities weren’t caused by flaws in the code. The affected drivers were meant to be used only during the manufacturing process but were mistakenly included in the production.”

ESET has confirmed it reported the flaws to Lenovo, which promptly released a patch for the majority of them.

“For those using one of the affected devices, we highly recommend updating to the latest firmware version. To see if you are affected by these vulnerabilities and for the firmware update instructions, visit Lenovo Advisory.”

The advisory details mitigation strategies for all three vulnerabilities but clarifies that for CVE-2022-3432, the Ideapad Y700-14ISK has reached end-of-development support, and no fixes will be released.

“Lenovo recommends customers adopt secure computing practices, including active system lifecycle management,” the company wrote.

The advisory comes weeks after Intel confirmed the alleged leak of its Alder Lake BIOS/UEFI source code that had apparently been posted on 4chan and Github.

This article was originally published by Infosecurity-magazine.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

Quishing Attacks Jump Tenfold, Attachment Payloads Halve
U.S. Treasury Hamas Spokesperson for Cyber Influence Operations
Russian APT Deploys New ‘Kapeka’ Backdoor in Eastern European Attacks
Alarming Decline in Cybersecurity Job Postings in the US
OfflRouter Malware Evades Detection in Ukraine for Almost a Decade

Leave a Reply

Your email address will not be published. Required fields are marked *