Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered affecting numerous Lenovo consumer notebook models, enabling malicious actors to deploy and execute firmware implants on the affected devices.
Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two “affect firmware drivers originally intended to be used only during the manufacturing process of Lenovo consumer notebooks,” ESET researcher Martin Smolár said in a report published today.
“Unfortunately, they were mistakenly included also in the production BIOS images without being properly deactivated,” Smolár added.
Successful exploitation of the flaws could permit an attacker to disable SPI flash protections or Secure Boot, effectively granting the adversary the ability to install persistent malware that can survive system reboots.
CVE-2021-3970, on the other hand, relates to a case of memory corruption in the System Management Mode (SMM) of the firmware, leading to the execution of malicious code with the highest privileges.
The three flaws were reported to the PC maker on October 11, 2021, following which patches were issued on April 12, 2022. A summary of the three flaws as described by Lenovo is below:
- CVE-2021-3970 – A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models could allow an attacker with local access and elevated privileges to execute arbitrary code.
- CVE-2021-3971 – A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify the firmware protection region by modifying an NVRAM variable.
- CVE-2021-3972 – A potential vulnerability by a driver used during the manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated might allow an attacker with elevated privileges to modify the secure boot setting by modifying an NVRAM variable.
The weaknesses, which affect Lenovo Flex; IdeaPads; Legion; V14, V15, and V17 series; and Yoga laptops, add to the disclosure of as many as 50 firmware vulnerabilities in Insyde Software’s InsydeH2O, HP UEFI, and Dell since the start of the year.
“UEFI threats can be extremely stealthy and dangerous,” Smolár said. “They are executed early in the boot process, before transferring control to the operating system, which means that they can bypass almost all security measures and mitigations higher in the stack that could prevent their OS payloads from being executed.”