This serious firmware flaw affects a whole load of Lenovo laptops

Three flaws discovered in Lenovo UEFI firmware

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Three serious security vulnerabilities has been discovered, and patched, across a whole slew ofLenovolaptops.

Cybersecurity experts from ESET uncovered the issue in the ReadyBootDxe driver used by some Lenovo notebooks, as well as two buffer overflow issues found in the SystemLoadDefaultDxe driver, potentially allowing threat actors to hijack the startup routine of Windows installations.

The Yoga, IdeaPad, Flex, ThinkBook, V14, V15, V130, Slim, S145, S540, and S940 Lenovo lines are all affected, counting more than 70endpointmodels.

Improved code

“These vulnerabilities were caused by insufficient validation of DataSize parameter passed to the UEFI Runtime Services function GetVariable,” ESET Research tweeted out, recently.

“An attacker could create a specially crafted NVRAM variable, causing buffer overflow of the Data buffer in the second GetVariable call.”

The company has also submitted improved code to Binarly’s UEFI firmware analyzer ‘efiXplorer,’ the publication further found, which all interested admins can find on GitHub, for free.

The vulnerabilities, tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892, reside in UEFI firmware, and as such, are quite dangerous. Exploiting them allows threat actors to run malware during boot, effectively circumventing any antivirus programs. It also makes malware more persistent, as wiping the disk, which is considered the Hail Mary of virus elimination, doesn’t help.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Intel, Lenovo and more hit by major BIOS security flaws>This bootkit has been used to backdoor Windows devices for almost a decade>Here’s our rundown of the best antivirus software around

The silver lining is that not everyone can exploit these flaws - it does require a bit of knowledge. Still, more experienced crooks can wreak major damage.

To make sure their devices are safe, admins are advised to always keep them up to date, both on the software and on the hardware side of things, as well as to keep any software used, updated. Furthermore, having a strongfirewallsolution helps, as well as antivirus.

Users that don’t know exactly which Lenovo model they’re using can use the company’s automatic online detectorhere.

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

This new malware utilizes a rare programming language to evade traditional detection methods