Consumer electronics maker Lenovo on Tuesday rolled out fixes to address three security flaws in its UEFI firmware affecting around 70 product models.
“The vulnerabilities can be exploited to attain arbitrary code execution in the early phases of the system boot, quite possibly allowing the attackers to hijack the OS execution flow and disable some vital security options,” Slovak cybersecurity firm ESET said in a series of tweets.

Tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892, all three bugs are buffer overflow vulnerabilities that Lenovo has described as leading to privilege escalation on affected systems. Martin Smolár of ESET has been credited with reporting the flaws.
The bugs stem from insufficient validation of an NVRAM variable called “DataSize” in three different drivers, ReadyBootDxe, SystemLoadDefaultDxe, and SystemBootManagerDxe, resulting in a buffer overflow that could be weaponized to achieve code execution.
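To make the DataSize validation problem concrete, here is an added example that is not Lenovo's driver code and not from ESET or The Hacker News: the EFI status codes and the GetVariable model are constructed stand-ins, and the driver routines are hypothetical. It shows a DXE-style reader that trusts the size the variable store reports and copies into a fixed 64-byte buffer, beside the checked version that passes its real capacity as DataSize and refuses the variable when it is larger.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for EDK II status codes (assumed, not the real headers). */
typedef unsigned long EFI_STATUS;
#define EFI_SUCCESS          0UL
#define EFI_BUFFER_TOO_SMALL 5UL
#define DRIVER_BUF_CAP       64   /* fixed-size buffer the driver believes it owns */

/* Simulated NVRAM variable; from the OS it can be set far longer than a driver expects. */
static uint8_t g_var_data[512];
static size_t  g_var_size;

/* Minimal model of the GetVariable runtime service: when *data_size is too small
 * it reports the stored length and EFI_BUFFER_TOO_SMALL, otherwise it copies. */
static EFI_STATUS sim_get_variable(size_t *data_size, void *data) {
    int fits = data != NULL && *data_size >= g_var_size;
    *data_size = g_var_size;                  /* always report the stored length */
    if (!fits) return EFI_BUFFER_TOO_SMALL;
    memcpy(data, g_var_data, g_var_size);
    return EFI_SUCCESS;
}

/* Vulnerable pattern: the DataSize learned from a probe call is trusted and
 * handed back with the fixed buffer, so anything over 64 bytes overruns it. */
static EFI_STATUS read_cfg_unchecked(uint8_t *buf, size_t *written) {
    size_t size = 0;
    sim_get_variable(&size, NULL);                 /* probe: size := stored length */
    EFI_STATUS st = sim_get_variable(&size, buf);  /* never compared to DRIVER_BUF_CAP */
    *written = (st == EFI_SUCCESS) ? size : 0;
    return st;
}

/* Hardened pattern: pass the buffer's real capacity as DataSize and treat
 * EFI_BUFFER_TOO_SMALL as a hard error instead of growing the copy. */
static EFI_STATUS read_cfg_checked(uint8_t *buf, size_t *written) {
    size_t size = DRIVER_BUF_CAP;
    EFI_STATUS st = sim_get_variable(&size, buf);
    *written = (st == EFI_SUCCESS) ? size : 0;     /* buf is unusable on error */
    return st;
}

/* Store var_size bytes, then run one reader into a 512-byte scratch area that is
 * oversized on purpose so the overrun is observable without undefined behaviour. */
static size_t run_reader(int checked, size_t var_size) {
    static uint8_t scratch[512];
    size_t written = 0;
    g_var_size = var_size > sizeof g_var_data ? sizeof g_var_data : var_size;
    memset(g_var_data, 0x41, g_var_size);
    (checked ? read_cfg_checked : read_cfg_unchecked)(scratch, &written);
    return written;   /* > DRIVER_BUF_CAP means the unchecked reader overflowed */
}
```

A variable of 200 bytes makes the unchecked reader report 200 bytes written into what it believes is a 64-byte buffer, while the checked reader writes nothing and returns EFI_BUFFER_TOO_SMALL; variables of 64 bytes or less are accepted by both.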
This is the second time Lenovo has moved to address UEFI security vulnerabilities since the start of the year. In April, the company resolved three flaws (CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972), also discovered by Smolár, that could have been abused to deploy and execute firmware implants.
Users of affected devices are strongly advised to update their firmware to the latest version to mitigate potential threats.
Some parts of this article are sourced from:
thehackernews.com