Security News > 2022 > September > New Lenovo BIOS updates fix security bugs in hundreds of models

New Lenovo BIOS updates fix security bugs in hundreds of models
2022-09-14 17:43

Chinese computer manufacturer Lenovo has issued a security advisory to warn of several high-severity BIOS vulnerabilities impacting hundreds of devices in the various models.

CVE-2022-40134: Information leak flaw in the SMI Set Bios Password SMI Handler, allowing an attacker to read SMM memory.

CVE-2022-40136: Information leak flaw in SMI Handler used for configuring platform settings over WMI, enabling an attacker to read SMM memory.

Lenovo has fixed the issues in the latest BIOS updates for impacted products.

A complete list of the impacted computer models and the BIOS firmware version that addresses each vulnerability is included in the security bulletin, with links to the download portal for each model.

Lenovo computer owners may navigate to the "Drivers & Software" portal, search for their product by name, select "Manual Update", and download the latest available BIOS firmware version.


News URL

https://www.bleepingcomputer.com/news/security/new-lenovo-bios-updates-fix-security-bugs-in-hundreds-of-models/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-01-30 CVE-2022-40136 Out-of-bounds Read vulnerability in Lenovo products
An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
local
low complexity
lenovo CWE-125
4.4
2023-01-30 CVE-2022-40134 Out-of-bounds Read vulnerability in Lenovo products
An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
local
low complexity
lenovo CWE-125
4.4

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Lenovo 3015 32 211 119 17 379