High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops

SeriousHoax

SeriousHoax

Level 49
Thread author
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
ESET researchers have discovered and analyzed three vulnerabilities affecting various Lenovo consumer laptop models. The first two of these vulnerabilities – CVE-2021-3971, CVE-2021-3972 – affect UEFI firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks. Unfortunately, they were mistakenly included also in the production BIOS images without being properly deactivated. These affected firmware drivers can be activated by attacker to directly disable SPI flash protections (BIOS Control Register bits and Protected Range registers) or the UEFI Secure Boot feature from a privileged user-mode process during OS runtime. It means that exploitation of these vulnerabilities would allow attackers to deploy and successfully execute SPI flash or ESP implants, like LoJax or our latest UEFI malware discovery ESPecter, on the affected devices.

To understand how we were able to find these vulnerabilities, consider the firmware drivers affected by CVE‑2021-3971. These drivers immediately caught our attention by their very unfortunate (but surprisingly honest) names: SecureBackDoor and SecureBackDoorPeim. After some initial analysis, we discovered other Lenovo drivers sharing a few common characteristics with the SecureBackDoor* drivers: ChgBootDxeHook and ChgBootSmm. As it turned out, their functionality was even more interesting and could be abused to disable UEFI Secure Boot (CVE-2021-3972).

In addition, while investigating above mentioned vulnerable drivers, we discovered the third vulnerability: SMM memory corruption inside the SW SMI handler function (CVE-2021-3970). This vulnerability allows arbitrary read/write from/into SMRAM, which can lead to the execution of malicious code with SMM privileges and potentially lead to the deployment of an SPI flash implant.

We reported all discovered vulnerabilities to Lenovo on October 11th, 2021. Altogether, the list of affected devices contains more than one hundred different consumer laptop models with millions of users worldwide, from affordable models like Ideapad-3 to more advanced ones like Legion 5 Pro-16ACH6 H or Yoga Slim 9-14ITL05. The full list of affected models with active development support is published in the Lenovo Advisory.

In addition to the models listed in the advisory, several other devices we reported to Lenovo are also affected, but won’t be fixed due to...........................
Click to expand...
www.welivesecurity.com

When

ESET research discovers vulnerabilities in Lenovo consumer laptop models that allow attackers with admin rights to expose users to firmware-level malware.
www.welivesecurity.com
 
  • Like
  • +Reputation
  • Wow
Reactions: vtqhtr413, Deletedmessiah, Andy Ful and 10 others
CyberTech

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
The UEFI firmware used in several laptops made by Lenovo is vulnerable to three buffer overflow vulnerabilities that could enable attackers to hijack the startup routine of Windows installations.

Lenovo has issued a security advisory disclosing three medium severity vulnerabilities tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892.

The first is an issue in the ReadyBootDxe driver used in some Lenovo notebook products, while the last two are buffer overflow bugs in the SystemLoadDefaultDxe driver.

This second driver is used in the Yoga, IdeaPad, Flex, ThinkBook, V14, V15, V130, Slim, S145, S540, and S940 Lenovo lines, affecting over 70 individual models.

For more information on the impacted models, check out Lenovo's product impact table at the bottom of the security advisory.
Click to expand...

The rest
www.bleepingcomputer.com

New UEFI firmware flaws impact over 70 Lenovo laptop models

The UEFI firmware used in several laptops made by Lenovo is vulnerable to three buffer overflow vulnerabilities that could enable attackers to hijack the startup routine of Windows installations.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Wow
  • Thanks
Reactions: Zartarra, JB007, plat and 11 others
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
Qualcomm UEFI Flaws Expose Microsoft, Lenovo, Samsung Devices to Attacks
Replies
0
Views
802
News Archive
silversurfer
silversurfer
enaph
    • Hundred Points
    • +Reputation
Security News Zero-Day Flaws in Mazda’s Infotainment Expose Cars to Takeover Attacks
Replies
0
Views
277
Security News
enaph
enaph
Gandalf_The_Grey
    • Like
    • +Reputation
    • Applause
Lenovo Windows 11 and 10 laptops have Secure Boot vulnerability, BIOS update out
Replies
1
Views
1,053
News Archive
Stopspying
Stopspying

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top