This serious firmware flaw affects a whole load of Lenovo laptops

Magnifying glass enlarging the word 'malware' in computer machine code
(Image credit: Shutterstock)

Three serious security vulnerabilities has been discovered, and patched, across a whole slew of Lenovo laptops. 

Cybersecurity experts from ESET uncovered the issue in the ReadyBootDxe driver used by some Lenovo notebooks, as well as two buffer overflow issues found in the SystemLoadDefaultDxe driver, potentially allowing threat actors to hijack the startup routine of Windows installations.

The Yoga, IdeaPad, Flex, ThinkBook, V14, V15, V130, Slim, S145, S540, and S940 Lenovo lines are all affected, counting more than 70 endpoint models.

Improved code

"These vulnerabilities were caused by insufficient validation of DataSize parameter passed to the UEFI Runtime Services function GetVariable," ESET Research tweeted out, recently.

"An attacker could create a specially crafted NVRAM variable, causing buffer overflow of the Data buffer in the second GetVariable call."

The company has also submitted improved code to Binarly's UEFI firmware analyzer 'efiXplorer,' the publication further found, which all interested admins can find on GitHub, for free.

The vulnerabilities, tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892, reside in UEFI firmware, and as such, are quite dangerous. Exploiting them allows threat actors to run malware during boot, effectively circumventing any antivirus programs. It also makes malware more persistent, as wiping the disk, which is considered the Hail Mary of virus elimination, doesn’t help.

The silver lining is that not everyone can exploit these flaws - it does require a bit of knowledge. Still, more experienced crooks can wreak major damage. 

To make sure their devices are safe, admins are advised to always keep them up to date, both on the software and on the hardware side of things, as well as to keep any software used, updated. Furthermore, having a strong firewall solution helps, as well as antivirus.

Users that don’t know exactly which Lenovo model they’re using can use the company’s automatic online detector here.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.