Lenovo fixed UEFI driver issues affecting over 100 laptop models

Lenovo fixed UEFI driver issues affecting over 100 laptop models

As stated in their post, Two of these vulnerabilities… affect UEFI firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks. Unfortunately, they were mistakenly included also in the production BIOS images without being properly deactivated. Exploiting the drivers could allow an attacker to gain elevated privileges on the target systems.

Lenovo has just addressed a number of significant UEFI driver vulnerabilities. More than 100 laptop models were compromised by the flaws, putting millions of users’ security at risk around the world. Users must upgrade their laptops to acquire the patches because Lenovo has published them. UEFI Driver Issues with Lenovo The Lenovo UEFI driver flaws were recently disclosed by ESET researchers in a blog post. In a nutshell, two of these vulnerabilities, CVE-2021-3971 and CVE-2021-3972, were discovered in Lenovo devices after the erroneous installation of two BIOS drivers that should have been deleted.

Highlights

  • Alongside these two vulnerabilities, the researchers also found a third vulnerability, CVE-2021-3970. Identified as an SMM memory corruption flaw in the SW SMI handler function, the bug could allow arbitrary read/write from/into SMRAM. It could let an adversary gain SMM privileges, execute codes, and even deploy SPI flash implant. ESET confirmed that these vulnerabilities potentially affect more than 100 laptop models, excluding the EOL models. Lenovo Patched The Bugs The researchers discovered the bug in October 2021, after which they swiftly reached out to Lenovo to report the matter.

  • Then, the adversary could disable SPI flash protections (BIOS Control Register bits and Protected Range registers) (CVE-2021-3971) or the UEFI Secure Boot feature (CVE-2021-3972). As explained, the researchers found the vulnerabilities after noticing the peculiar driver names “SecureBackDoor” and “SecureBackDoorPeim”. Analyzing them further made them catch two other drivers, “ChgBootDxeHook” and “ChgBootSmm” sharing some characteristics with the former two drivers.

From the news latesthackingnews.com

Consequently, the tech giant started working on developing the patches and finally rolled out the fixes recently. In its advisory, Lenovo has listed the vulnerable laptop models alongside the download links for the patches. Users must manually check their systems for updates to get the fixes and avoid any exploits. Let us know your thoughts in the comments. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: abeerah@latesthackingnews.com