Lenovo issues firmware updates after UEFI vulnerabilities disclosed
Security researchers have spotted some fresh flaws in Lenovo laptops just months after the vendor patched another batch, with the PC maker fixing a trio of vulnerabilities flagged up by ESET this week.
The vulnerabilities reported were buffer overflows in the UEFI firmware.
"It's a typical UEFI 'double GetVariable' vulnerability," the team added, before giving a hat tip to efiXplorer.
The disclosure follows another three vulnerabilities patched in April, also concerned with UEFI on Lenovo kit.
These vulnerabilities were caused by insufficient validation of the DataSize parameter passed to the UEFI Runtime Services function GetVariable.
The Register asked ESET for more detail on how these vulnerabilities could be exploited, and asked Lenovo why this seems to keep happening.
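The "double GetVariable" pattern named above, as an added user-space illustration that is not Lenovo's or ESET's code: GetVariable treats DataSize as the buffer capacity on input and overwrites it with the stored length on output, so reusing it for a second call without resetting it misstates the capacity. The mock service, variable names and sizes are assumptions constructed for this example.

```c
#include <stddef.h>
#include <string.h>
enum { OK, BUFFER_TOO_SMALL, NOT_FOUND };
#define BUF_LEN 8    /* bytes the caller really owns */
#define ARENA_LEN 64 /* buffer plus slack, so the demo itself stays memory-safe */
/* Constructed variable store: names and contents are made up. */
struct var { const char *name; size_t len; unsigned char data[32]; };
static const struct var store[] = { { "CfgA", 24, {0} }, { "CfgB", 24, {0} } };

/* Mock: *size is capacity on input, stored length on output (set even on error). */
static int mock_get_variable(const char *name, size_t *size, void *data) {
    for (size_t i = 0; i < sizeof store / sizeof store[0]; i++) {
        if (strcmp(store[i].name, name) != 0) continue;
        size_t cap = *size;
        *size = store[i].len;
        if (cap < store[i].len) return BUFFER_TOO_SMALL;
        memcpy(data, store[i].data, store[i].len);
        return OK;
    }
    return NOT_FOUND;
}

/* Counts bytes modified beyond the first BUF_LEN bytes of the arena. */
static size_t spill(const unsigned char *arena) {
    size_t n = 0;
    for (size_t i = BUF_LEN; i < ARENA_LEN; i++) n += (arena[i] != 0xEE);
    return n;
}

size_t read_two_vulnerable(void) {
    unsigned char arena[ARENA_LEN];
    memset(arena, 0xEE, sizeof arena);
    size_t size = BUF_LEN;
    mock_get_variable("CfgA", &size, arena); /* fails; size is now 24 */
    mock_get_variable("CfgB", &size, arena); /* stale size: 24 bytes copied */
    return spill(arena);
}

size_t read_two_hardened(void) {
    unsigned char arena[ARENA_LEN];
    memset(arena, 0xEE, sizeof arena);
    const char *names[] = { "CfgA", "CfgB" };
    for (size_t i = 0; i < 2; i++) {
        size_t size = BUF_LEN; /* reset capacity before every call */
        if (mock_get_variable(names[i], &size, arena) != OK) continue; /* rejected */
    }
    return spill(arena);
}

int main(void) { return read_two_vulnerable() == 16 && read_two_hardened() == 0 ? 0 : 1; }
```

The hardened reader makes two changes: it restores the size to the true buffer length before each call, and it checks the returned status before touching the buffer.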
News URL
https://go.theregister.com/feed/www.theregister.com/2022/07/14/lenovo_uefi_vuln/