Three vulnerabilities have been discovered in the UEFI firmware of numerous Lenovo notebooks.
Tracked as CVE-2022-3430, CVE-2022-3431 and CVE-2022-3432, the flaws were found by security researchers at ESET and affect several Lenovo Yoga, IdeaPad and ThinkBook devices.
The first of the vulnerabilities is a flaw in the WMI Setup driver, which may allow an attacker with elevated privileges to modify Secure Boot settings by altering a non-volatile random access memory (NVRAM) variable.
CVE-2022-3431 and CVE-2022-3432, on the other hand, are vulnerabilities in a driver that was mistakenly not deactivated during the manufacturing process and may also allow an attacker with elevated privileges to modify Secure Boot settings by modifying an NVRAM variable.
“While disabling UEFI Secure Boot allows immediate execution of unsigned UEFI apps, restoring factory default dbx permits the use of recognised susceptible bootloaders […] to bypass Secure Boot whilst maintaining it enabled,” the company wrote in a series of Twitter posts.
“As in our prior discovery […], the latest vulnerabilities weren’t brought on by flaws in the code. The affected drivers were meant to be used only during the manufacturing process but ended up mistakenly included in production.”
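The point in the quotes above, that a dbx restored to factory defaults weakens Secure Boot while the SecureBoot variable still reads as enabled, can be checked by comparing the current dbx against a saved baseline. The following Python code is an added example, not code from ESET or Lenovo; it assumes the Linux efivarfs layout (a 4-byte attribute header followed by the variable data), and the function names and sample blobs are constructed for illustration.

```python
import hashlib
import struct
import uuid

# EFI_CERT_SHA256_GUID from the UEFI specification
SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# On Linux the real blobs are the files under /sys/firmware/efi/efivars/:
#   SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c and dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f

def secure_boot_enabled(blob):
    """blob is an efivarfs file: 4-byte attributes, then a 1-byte value."""
    return len(blob) >= 5 and blob[4] == 1

def dbx_sha256_entries(blob):
    """Return the SHA-256 image hashes revoked by a dbx efivarfs blob."""
    data, off, hashes = blob[4:], 0, set()
    while off + 28 <= len(data):          # 28 = EFI_SIGNATURE_LIST header size
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 or off + list_size > len(data) or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            if sig_type == SHA256_GUID:
                hashes.add(data[pos + 16:pos + sig_size].hex())  # skip owner GUID
            pos += sig_size
        off += list_size
    return hashes

def dbx_regressions(baseline_blob, current_blob):
    """Hashes revoked in the baseline that are no longer revoked now."""
    return dbx_sha256_entries(baseline_blob) - dbx_sha256_entries(current_blob)

def make_dbx(digests):
    """Build a constructed dbx blob holding one SHA-256 signature list."""
    body = b"".join(bytes(16) + d for d in digests)   # zero owner GUID + hash
    header = SHA256_GUID.bytes_le + struct.pack("<III", 28 + len(body), 0, 48)
    return struct.pack("<I", 0x27) + header + body

if __name__ == "__main__":
    revoked = [hashlib.sha256(b"constructed-bootloader-%d" % i).digest() for i in range(3)]
    baseline = make_dbx(revoked)       # dbx captured after revocation updates
    current = make_dbx(revoked[:1])    # dbx rolled back to an older default
    print("SecureBoot enabled:", secure_boot_enabled(struct.pack("<IB", 0x6, 1)))
    print("revocations lost:", len(dbx_regressions(baseline, current)))
```

A non-empty result from `dbx_regressions` on a machine that still reports Secure Boot as enabled is the condition the quote describes.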
ESET confirmed it reported the flaws to Lenovo, which promptly released a patch for the majority of them.
“For those using one of the affected devices, we highly recommend updating to the latest firmware version. To see if you are affected by these vulnerabilities and for the firmware update instructions, go to the Lenovo Advisory.”
The advisory details mitigation strategies for all three vulnerabilities but clarifies that for CVE-2022-3432, the Ideapad Y700-14ISK has reached end-of-development support, and no fixes will be released.
“Lenovo recommends customers adopt secure computing practices, such as active system lifecycle management,” the company wrote.
The advisory comes weeks after Intel confirmed the alleged leak of its Alder Lake BIOS/UEFI source code that had apparently been posted on 4chan and GitHub.
Some parts of this article are sourced from:
www.infosecurity-magazine.com