Bugs in UEFI Affect about 70 Models of Lenovo Laptops

ESET experts reported that UEFI in many Lenovo laptops is vulnerable to three buffer overflow bugs, which can allow attackers to interfere with the OS startup process and disable security mechanisms.

The vulnerabilities have been identified as CVE-2022-1890, CVE-2022-1891 and CVE-2022-1892, and Lenovo developers have already published a security bulletin dedicated to them and a table of products for which these bugs pose a threat.

The first issue is related to the ReadyBootDxe driver, which is used in some Lenovo laptops, and the other two problems are related to a buffer overflow in the SystemLoadDefaultDxe driver. The second driver is often found in Lenovo Yoga, IdeaPad, Flex, ThinkBook, V14, V15, V130, Slim, S145, S540, and S940 models.

ESET analysts who discovered these problems write that the bugs are caused by incorrect validation of the DataSize parameter, which is passed to the GetVariable UEFI Runtime Services function.

To fix the detected issues, users of affected devices are advised to download the latest available drivers from the Lenovo official website.

To download the version specified for your product, follow these steps:

1. Go to the support site for drivers and software for your product:

1.1. Lenovo products (sold worldwide except China): https://support.lenovo.com/
1.2. Lenovo products (sold in China): https://newsupport.lenovo.com.cn/
1.3. IBM System x Legacy products: https://www.ibm.com/support/fixcentral/

2. Find your product by name or machine type.
3. Click “Drivers & Software” on the left menu bar.
4. Click “Manual Update” to view the component type.
5. Compare the minimum patch version for your product from the appropriate product table below with the latest version posted on the support site.

It is also worth noting that ESET has introduced improvements to the efiXplorer UEFI analyzer, which is used to identify and fix these issues. You can find this tool on GitHub.