Security News > 2022 > July > New UEFI firmware flaws impact over 70 Lenovo laptop models

New UEFI firmware flaws impact over 70 Lenovo laptop models
2022-07-13 16:15

The UEFI firmware used in several laptops made by Lenovo is vulnerable to three buffer overflow vulnerabilities that could enable attackers to hijack the startup routine of Windows installations.

Lenovo has issued a security advisory disclosing three medium severity vulnerabilities tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892.

The first is an issue in the ReadyBootDxe driver used in some Lenovo notebook products, while the last two are buffer overflow bugs in the SystemLoadDefaultDxe driver.

To help the cybersecurity community identify and fix similar issues, ESET submitted code improvements to Binarly's UEFI firmware analyzer 'efiXplorer,' which is freely available on GitHub.

UEFI firmware attacks are extremely dangerous because they enable threat actors to run malware early in an operating system's boot process, even before Windows built-in security protections are activated.

If you have trouble determining what model you're using, Lenovo offers an automatic online detector that you can use instead..


News URL

https://www.bleepingcomputer.com/news/security/new-uefi-firmware-flaws-impact-over-70-lenovo-laptop-models/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2022-1892 Classic Buffer Overflow vulnerability in Lenovo products
A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
local
low complexity
lenovo CWE-120
7.8
2023-01-26 CVE-2022-1891 Classic Buffer Overflow vulnerability in Lenovo products
A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
local
low complexity
lenovo CWE-120
7.8
2023-01-26 CVE-2022-1890 Out-of-bounds Write vulnerability in Lenovo products
A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
local
low complexity
lenovo CWE-787
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Lenovo 3015 32 211 119 17 379