Bugs in UEFI Affect about 70 Models of Lenovo Laptops

Bugs in UEFI in Lenovo
Written by Emma Davis

ESET experts reported that UEFI in many Lenovo laptops is vulnerable to three buffer overflow bugs, which can allow attackers to interfere with the OS startup process and disable security mechanisms.

Let me remind you that in April we already talked about the fact that Three UEFI Firmware Vulnerabilities Affect Millions of Lenovo Users. We also reported that Microsoft explained why Windows 10 crashes on Lenovo laptops.

The vulnerabilities have been identified as CVE-2022-1890, CVE-2022-1891 and CVE-2022-1892, and Lenovo developers have already published a security bulletin dedicated to them and a table of products for which these bugs pose a threat.

The first issue is related to the ReadyBootDxe driver, which is used in some Lenovo laptops, and the other two problems are related to a buffer overflow in the SystemLoadDefaultDxe driver. The second driver is often found in Lenovo Yoga, IdeaPad, Flex, ThinkBook, V14, V15, V130, Slim, S145, S540, and S940 models.

ESET analysts who discovered these problems write that the bugs are caused by incorrect validation of the DataSize parameter, which is passed to the GetVariable UEFI Runtime Services function.

An attacker could prepare a special NVRAM variable, which would cause a data buffer overflow on the second call to GetVariable.experts say.

Bugs in UEFI in Lenovo

To fix the detected issues, users of affected devices are advised to download the latest available drivers from the Lenovo official website.

To download the version specified for your product, follow these steps:

  1. Go to the support site for drivers and software for your product:
  2. 1.1. Lenovo products (sold worldwide except China): https://support.lenovo.com/
    1.2. Lenovo products (sold in China): https://newsupport.lenovo.com.cn/
    1.3. IBM System x Legacy products: https://www.ibm.com/support/fixcentral/

  3. Find your product by name or machine type.
  4. Click “Drivers & Software” on the left menu bar.
  5. Click “Manual Update” to view the component type.
  6. Compare the minimum patch version for your product from the appropriate product table below with the latest version posted on the support site.

It is also worth noting that ESET has introduced improvements to the efiXplorer UEFI analyzer, which is used to identify and fix these issues. You can find this tool on GitHub.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply