Security
Headlines
HeadlinesLatestCVEs

Headline

New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models

PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware affecting several Yoga, IdeaPad, and ThinkBook devices. “The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx): all simply from an OS,” Slovak cybersecurity firm ESET explained in a series of tweets. UEFI

The Hacker News
#vulnerability#lenovo#The Hacker News

PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware affecting several Yoga, IdeaPad, and ThinkBook devices.

“The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx): all simply from an OS,” Slovak cybersecurity firm ESET explained in a series of tweets.

UEFI refers to software that acts as an interface between the operating system and the firmware embedded in the device’s hardware. Because UEFI is responsible for launching the operating system when a device is powered on, it has made the technology an attractive option for threat actors looking to drop malware that’s difficult to detect and remove.

Viewed in that light, the flaws, tracked as CVE-2022-3430, CVE-2022-3431, and CVE-2022-3432, could be abused by an adversary to turn off Secure Boot, a security mechanism that’s designed to prevent malicious programs from loading during the boot process.

Lenovo’s advisory describes the vulnerabilities as follows -

  • CVE-2022-3430: A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify Secure Boot setting by modifying an NVRAM variable.

  • CVE-2022-3431: A potential vulnerability in a driver used during the manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify Secure Boot setting by modifying an NVRAM variable.

  • CVE-2022-3432: A potential vulnerability in a driver used during the manufacturing process on the IdeaPad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify Secure Boot setting by modifying an NVRAM variable.

In other words, disabling the UEFI Secure Boot makes it possible for threat actors to execute rogue boot loaders, granting the attackers privileges access to the compromised hosts.

ESET said the vulnerabilities weren’t lapses in the source code per se, but rather came into being because the “drivers were meant to be used only during the manufacturing process but were mistakenly included in the production.”

The latest update marks the third time Lenovo has moved to patch flaws in its UEFI firmware, all of which have been discovered and reported by ESET researcher Martin Smolár.

While the first set of issues (CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972) could have permitted bad actors to deploy and execute firmware implants on the affected devices, the second batch (CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892) could be weaponized to achieve arbitrary code execution and disable security features.

Lenovo said it does not intend to release fixes for CVE-2022-3432 owing to the fact that the model in question has reached end-of-life (EoL). Users of the other impacted devices are recommended to update their firmware to the latest version.

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

Related news

CVE-2022-1890: Lenovo Notebook BIOS Vulnerabilities - Lenovo Support US

A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

CVE-2022-3430: Lenovo Notebook BIOS Vulnerabilities - Lenovo Support US

A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Acer Firmware Flaw Lets Attackers Bypass Key Security Feature

The manufacturer is working to fix a vulnerability — similar to a previous problem in Lenovo laptops — that allows threat actors to modify or disable Secure Boot settings to load malware.

New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook Models

Consumer electronics maker Lenovo on Tuesday rolled out fixes to contain three security flaws in its UEFI firmware affecting over 70 product models. "The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features," Slovak cybersecurity

New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook Models

Consumer electronics maker Lenovo on Tuesday rolled out fixes to contain three security flaws in its UEFI firmware affecting over 70 product models. "The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features," Slovak cybersecurity

New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook Models

Consumer electronics maker Lenovo on Tuesday rolled out fixes to contain three security flaws in its UEFI firmware affecting over 70 product models. "The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features," Slovak cybersecurity

New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook Models

Consumer electronics maker Lenovo on Tuesday rolled out fixes to contain three security flaws in its UEFI firmware affecting over 70 product models. "The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features," Slovak cybersecurity

New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook Models

Consumer electronics maker Lenovo on Tuesday rolled out fixes to contain three security flaws in its UEFI firmware affecting over 70 product models. "The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features," Slovak cybersecurity

New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook Models

Consumer electronics maker Lenovo on Tuesday rolled out fixes to contain three security flaws in its UEFI firmware affecting over 70 product models. "The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features," Slovak cybersecurity

The Hacker News: Latest News

New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus