Not too long ago, Lenovo’s new BIOS updates fixes the high-severity vulnerabilities impacting tons of of units in a number of fashions (Desktop, All in One, IdeaCentre, Legion, ThinkCentre, ThinkPad, ThinkAgile, ThinkStation, ThinkSystem).
The potential influence might embody Data disclosure, privilege escalation and denial of service.
The Listing of Vulnerabilities Consists of:
- CVE-2021-28216 – Mounted pointer vulnerability in TianoCore EDK II BIOS that enable an attacker with native entry and elevated privileges to execute arbitrary code. TianoCore EDK II is the foundational open supply UEFI (BIOS) code used all through trade in all fashionable computer systems.
- CVE-2022-40134 – Data leak vulnerability discovered within the SMI Set BIOS Password SMI Handler, enable an attacker with native entry and elevated privileges to learn SMM reminiscence.
- CVE-2022-40135 – Data leak vulnerability within the Good USB Safety SMI Handler, enable an attacker with native entry and elevated privileges to learn SMM reminiscence.
- CVE-2022-40136 – Data leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo fashions, enable an attacker with native entry and elevated privileges to learn SMM reminiscence.
- CVE-2022-40137 – Buffer overflow within the WMI SMI Handler, enable an attacker with native entry and elevated privileges to execute arbitrary code.
American Megatrends safety enhancements (AMI), no CVE accessible.
To Obtain the Newest Model:
- Seek for your product by title or machine sort.
- Click on Drivers & Software program on the left menu panel.
- Click on on Handbook Replace.
Advice
In accordance with the Lenovo’s safety advisory, “Replace system firmware to the model (or newer) indicated on your mannequin”.
The corporate has mounted the problems within the new BIOS updates for impacted merchandise. Remaining fixes are anticipated by the tip of September and October and few fashions might obtain patches within the upcoming yr.
The entire checklist of the impacted laptop fashions and the BIOS firmware model that addresses the vulnerabilities are included within the ‘Safety Advisory’, with hyperlinks to the obtain portal for every mannequin.
Obtain Free SWG – Safe Internet Filtering – E-book
