
Lenovo issues firmware updates after UEFI vulnerabilities disclosed
2022-07-14 16:15

Security researchers have spotted some fresh flaws in Lenovo laptops just months after the vendor patched another batch, with the PC maker fixing a trio of vulnerabilities flagged up by ESET this week.

The vulnerabilities reported were buffer overflows in the UEFI firmware.

"It's a typical UEFI 'double GetVariable' vulnerability," the team added, before giving a hat tip to efiXplorer.

The disclosure follows another three vulnerabilities patched in April, also concerned with UEFI on Lenovo kit.

These vulnerabilities were caused by insufficient validation of the DataSize parameter passed to the UEFI Runtime Services function GetVariable.
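The "double GetVariable" pattern named above, shown as an added example that is not code from Lenovo, ESET or The Register: DataSize is an in/out parameter, so a second call that reuses it without resetting it trusts whatever size the first call reported. `MockGetVariable`, the status values, the 8-byte buffer and the 16-byte variable are assumptions made so the sketch runs outside firmware.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-ins for UEFI types/status codes (illustrative values, not EDK II's). */
typedef size_t UINTN;
typedef int EFI_STATUS;
#define EFI_SUCCESS 0
#define EFI_BUFFER_TOO_SMALL 5
#define BUF_LEN 8 /* logical buffer is frame[0..7]; frame[8..31] models adjacent stack data */

/* Constructed sample: a 16-byte NVRAM variable whose contents an attacker controls. */
static const uint8_t nvram_var[16] = {65,65,65,65,65,65,65,65,65,65,65,65,65,65,65,65};

/* Mock of GetVariable reduced to its in/out DataSize contract (name/GUID omitted). */
static EFI_STATUS MockGetVariable(UINTN *DataSize, void *Data) {
    UINTN capacity = *DataSize;
    *DataSize = sizeof nvram_var;          /* always reports the stored size back */
    if (capacity < sizeof nvram_var) return EFI_BUFFER_TOO_SMALL;
    memcpy(Data, nvram_var, sizeof nvram_var);
    return EFI_SUCCESS;
}

/* Count bytes that landed outside the logical buffer. */
static size_t bytes_past_buffer(const uint8_t *frame, size_t frame_len) {
    size_t n = 0;
    for (size_t i = BUF_LEN; i < frame_len; i++) n += (frame[i] != 0);
    return n;
}

/* Vulnerable: DataSize is reused, so call 2 inherits the size call 1 reported. */
size_t read_twice_vulnerable(void) {
    uint8_t frame[32] = {0};
    UINTN size = BUF_LEN;
    (void)MockGetVariable(&size, frame);   /* BUFFER_TOO_SMALL; size becomes 16 */
    (void)MockGetVariable(&size, frame);   /* believes the buffer holds 16 bytes */
    return bytes_past_buffer(frame, sizeof frame);
}

/* Hardened: reset DataSize to the true capacity before each call, check status. */
size_t read_twice_hardened(void) {
    uint8_t frame[32] = {0};
    UINTN size = BUF_LEN;
    (void)MockGetVariable(&size, frame);
    size = BUF_LEN;
    if (MockGetVariable(&size, frame) != EFI_SUCCESS) memset(frame, 0, BUF_LEN);
    return bytes_past_buffer(frame, sizeof frame);
}
```

When auditing firmware code, the thing to look for is any GetVariable call whose DataSize variable was last written by an earlier GetVariable call rather than by an assignment of the real buffer capacity.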

The Register asked ESET for more detail on how these vulnerabilities could be exploited, and asked Lenovo why this seems to keep happening.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/14/lenovo_uefi_vuln/

Related vendor

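Vulnerability counts by severity are for the last 12 months.

| Vendor | # Products | Low | Medium | High | Critical | Total vulns |
|--------|------------|-----|--------|------|----------|-------------|
| Lenovo | 2278 | 4 | 176 | 156 | 16 | 352 |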