Three UEFI Firmware Vulnerabilities Affect Millions of Lenovo Users

Vulnerabilities in Lenovo UEFI
Written by Emma Davis

Lenovo has published a security bulletin and warned of three vulnerabilities that affect its UEFI, which is used on at least 100 laptop models of the company.

Bugs made it possible to inject malware into the firmware and execute arbitrary code. In addition, such threats are almost impossible to detect and remove.

By the way, we already wrote that Bugs in Lenovo laptops allow getting administrator privileges – check your Lenovo firmware versions.

All three new vulnerabilities were discovered by ESET researchers back in October last year, and they have now been fixed. In total, the bugs affect more than 100 laptop models, including the IdeaPad 3, Legion 5 Pro-16ACH6 H and Yoga Slim 9-14ITL05. This means that millions of users are working with vulnerable devices.

However, not only Lenovo has problems: for example, we wrote how Microsoft explained why Windows 10 crashes on Lenovo laptops.

Two of the three vulnerabilities (CVE-2021-3972 and CVE-2021-3971) are related to the fact that drivers that should have been used only during the production process were mistakenly included in the current UEFI firmware, exposing devices to risks.

So, bugs allowed attackers with elevated privileges to change secure boot settings (CVE-2021-3972), or change the protection region of the firmware (CVE-2021-3971). According to ESET, hackers could use these issues to “deploy and successfully run SPI flash or ESP implants.”

The third issue, CVE-2021-3970, does allow a local attacker to execute arbitrary code with elevated privileges.

Vulnerabilities in Lenovo UEFI

ESET’s own report highlights that UEFI exploits can be extremely stealthy and dangerous, as they are executed “at the beginning of the boot process, before the OS takes control.”

In fact, this means that majority of security products and solutions that operate at the OS level are useless against such vulnerabilities, and payload execution in this case is almost inevitable and impossible to detect.

Even though vulnerabilities aren’t the only option for turning off or bypassing firmware security mitigations, there are many such vulnerabilities and due to the number of different firmware implementations and their complexity, many more are likely just waiting to be discovered. Only in the last year, we have seen numerous high-impact UEFI firmware vulnerabilities being publicly disclosed.ESET representatives reported.

To protect against attacks related to these vulnerabilities, Lenovo recommends that users of affected devices update their firmware to the latest available versions as soon as possible.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.