Lenovo: UEFI firmware updates close dangerous gap
Over 70 models of Lenovo laptops are affected by a UEFI firmware vulnerability. The manufacturer has released suitable updates.
Security researchers from ESET have found a vulnerability affecting over 70 laptop models, including the ThinkBook, IdeaPad and Yoga series from Lenovo. Attackers can use a buffer overflow in the data transmission of the UEFI BIOS to inject and execute malicious code at device level, before the installed operating system boots and its security mechanisms take effect. Lenovo responded promptly and is providing updates for affected models.
Exploitation of the vulnerability would be very dangerous, but it was at least classified as neither serious nor likely. The Lenovo support website has a list of affected devices and instructions on how to get the appropriate downloads. A total of three vulnerabilities are closed. They affect the ReadyBootDxe, SystemLoadDefaultDxe and SystemBootManagerDxe drivers in some Lenovo notebooks and are tracked as CVE-2022-1890, CVE-2022-1891 and CVE-2022-1892.
Go to the product page of your device on the Lenovo website and find the item “Drivers & Software”. Compare available firmware update version numbers with those in the table on the linked website. Then follow the options to download an update relevant to you.
The affected devices include widely used models such as the IdeaPad 3, Legion S7, ThinkBook 15-IIL and Lenovo Yoga models from various series. In many cases, only one of the drivers mentioned is vulnerable and requires an update. On some 14 and 15 inch ThinkBooks, all three drivers need to be replaced.
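For more than a handful of devices, the version comparison described above can be scripted. The following is an added example, not code from Lenovo or ESET: the advisory table, the inventory rows and the assumed version layout (four-character family prefix, numeric revision, `WW` suffix) are constructed placeholders to be replaced with the values from Lenovo's table.

```python
import re

# Assumed layout of the firmware version string, e.g. "AAAA27WW":
# 4-character family prefix, numeric revision, "WW" suffix.
_VERSION = re.compile(r"^([A-Z0-9]{4})(\d+)WW$")

# Constructed placeholder table: model -> first fixed firmware version.
# Fill it from the table in Lenovo's advisory; these values are NOT real.
ADVISORY_MIN_FIXED = {
    "IdeaPad 3 (placeholder)": "AAAA30WW",
    "Legion S7 (placeholder)": "BBBB45WW",
}

def parse_version(text):
    """Return (family, revision) or None if the string does not match."""
    m = _VERSION.match(text.strip().upper())
    return (m.group(1), int(m.group(2))) if m else None

def check(model, installed):
    """Classify one device: 'not-listed', 'unknown', 'update' or 'ok'."""
    fixed = ADVISORY_MIN_FIXED.get(model)
    if fixed is None:
        return "not-listed"
    have, want = parse_version(installed), parse_version(fixed)
    # Revisions are only comparable within one firmware family. Anything
    # else goes to manual review instead of being silently passed.
    if have is None or want is None or have[0] != want[0]:
        return "unknown"
    # Compare revisions as integers: as strings, "9" would sort after "30".
    return "update" if have[1] < want[1] else "ok"

def triage(inventory):
    """Map hostname -> status for rows of (hostname, model, version)."""
    return {host: check(model, ver) for host, model, ver in inventory}

# Constructed inventory. The installed version can be read from
# /sys/class/dmi/id/bios_version on Linux or Win32_BIOS on Windows.
SAMPLE = [
    ("lt-01", "IdeaPad 3 (placeholder)", "AAAA27WW"),
    ("lt-02", "IdeaPad 3 (placeholder)", "aaaa30ww "),
    ("lt-03", "Legion S7 (placeholder)", "AAAA50WW"),
    ("lt-04", "Legion S7 (placeholder)", "1.46"),
    ("lt-05", "Other model (placeholder)", "BBBB10WW"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(host, status)
```

Devices reported as `unknown` have a version string from a different firmware family or in an unexpected format and should be checked by hand against the advisory.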
Reference: www.pc-magazin.de