New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models
2022-11-10 06:36

PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface firmware affecting several Yoga, IdeaPad, and ThinkBook devices.

"The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases: all simply from an OS," Slovak cybersecurity firm ESET explained in a series of tweets.

UEFI refers to software that acts as an interface between the operating system and the firmware embedded in the device's hardware.

The latest update marks the third time Lenovo has moved to patch flaws in its UEFI firmware, all of which have been discovered and reported by ESET researcher Martin Smolár.

While the first set of issues could have permitted bad actors to deploy and execute firmware implants on the affected devices, the second batch could be weaponized to achieve arbitrary code execution and disable security features.

Users of the other impacted devices are recommended to update their firmware to the latest version.


News URL

https://thehackernews.com/2022/11/new-uefi-firmware-flaws-reported-in.html

Related vendor

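| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|----------|------------|-----|--------|------|----------|-------------|
| Lenovo |          | 2278       | 5   | 177    | 158  | 16       | 356         |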