Three vulnerabilities have been discovered in the UEFI firmware of numerous Lenovo notebooks.
Tracked CVE-2022-3430, CVE-2022-3431 and CVE-2022-3432, the flaws have been found by security scientists at ESET and affect various Lenovo Yoga, IdeaPad and ThinkBook units.
The 1st of the vulnerabilities is a flaw in the WMI Setup driver, which may well allow for an attacker with elevated privileges to modify safe boot options by switching a non-risky random accessibility memory (NVRAM) variable.
The CVE-2022-3431 and CVE-2022-3432, on the other hand, are vulnerabilities in a driver that was mistakenly not deactivated through the manufacturing approach and may well also enable an attacker with elevated privileges to modify secure boot settings by modifying an NVRAM variable.
“While disabling UEFI Secure Boot makes it possible for direct execution of unsigned UEFI applications, restoring manufacturing facility default dbx permits the use of regarded susceptible bootloaders […] to bypass Protected Boot even though preserving it enabled,” the company wrote in a sequence of Twitter posts.
“As in our past discovery […], present vulnerabilities weren’t brought on by flaws in the code. The influenced motorists had been intended to be utilized only throughout the production procedure but were mistakenly incorporated in the production.”
ESET has confirmed it reported the flaws to Lenovo, which promptly produced a patch for the vast majority of them.
“For those utilizing just one of the affected gadgets, we really advise updating to the most recent firmware variation. To see if you are influenced by these vulnerabilities and for the firmware update recommendations, stop by Lenovo Advisory.”
The advisory information mitigation tactics for all a few vulnerabilities but clarifies that for CVE-2022-3432, the Ideapad Y700-14ISK has achieved stop-of-progress assist, and no fixes will be produced.
“Lenovo recommends customers undertake protected computing methods, including energetic procedure lifecycle administration,” the organization wrote.
The advisory arrives months immediately after Intel verified the alleged leak of its Alder Lake BIOS/UEFI source code that had apparently been posted on 4chan and Github.
Some areas of this article are sourced from: