Wednesday, July 13, 2022

New UEFI Firmware Vulnerabilities Impact Multiple Lenovo Notebook Models


Consumer electronics maker Lenovo on Tuesday rolled out fixes to contain three security flaws in its UEFI firmware affecting over 70 product models.

“The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features,” Slovak cybersecurity firm ESET said in a series of tweets.

UEFI Firmware Vulnerabilities

Tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892, all three bugs relate to buffer overflow vulnerabilities that Lenovo has described as leading to privilege escalation on affected systems. Martin Smolár from ESET has been credited with reporting the flaws.


The bugs stem from insufficient validation of an NVRAM variable called “DataSize” in three different drivers, ReadyBootDxe, SystemLoadDefaultDxe, and SystemBootManagerDxe, leading to a buffer overflow that could be weaponized to achieve code execution.
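The defensive check for this bug class, as an added example that is not Lenovo's or ESET's code (the page does not show the affected drivers): a size that comes back from a variable read must never be reused as the capacity of a fixed buffer. The store, the variable names and every function here are hypothetical; the in/out size behaviour of the mock is modelled on the UEFI `GetVariable` service.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Status codes modelled on EFI_SUCCESS, EFI_BUFFER_TOO_SMALL, EFI_NOT_FOUND. */
enum { ST_OK, ST_TOO_SMALL, ST_NOT_FOUND };

/* Constructed stand-in for NVRAM; variable names are hypothetical. */
static const struct { const char *name; size_t len; unsigned char data[24]; } store[] = {
    { "Small", 8, { 1, 2, 3, 4, 5, 6, 7, 8 } },
    { "Oversized", 24, { 0xAA } },
};

/* Mock with GetVariable-style semantics: *size is capacity in, stored size out. */
static int mock_get_variable(const char *name, size_t *size, void *data) {
    for (size_t i = 0; i < sizeof store / sizeof store[0]; i++) {
        if (strcmp(store[i].name, name) != 0) continue;
        size_t cap = *size;
        *size = store[i].len;              /* updated even when the call fails */
        if (cap < store[i].len) return ST_TOO_SMALL;
        memcpy(data, store[i].data, store[i].len);
        return ST_OK;
    }
    return ST_NOT_FOUND;
}

/* Hazard: after a failed read, size holds a value taken from the variable,
   not from the 16-byte buffer, so it must never be reused as a capacity. */
size_t size_after_probe(const char *name) {
    unsigned char buf[16]; size_t size = sizeof buf;
    mock_get_variable(name, &size, buf);
    return size;
}

/* Hardened read: size always starts as the real capacity and a too-small
   result is an error, never a retry into the same buffer. */
int read_var_bounded(const char *name, void *buf, size_t cap, size_t *len) {
    size_t size = cap;
    int st = mock_get_variable(name, &size, buf);
    *len = (st == ST_OK && size <= cap) ? size : 0;
    return (st == ST_OK && size > cap) ? ST_TOO_SMALL : st;
}

int main(void) {
    unsigned char buf[16]; size_t len;
    printf("status=%d\n", read_var_bounded("Oversized", buf, sizeof buf, &len));
    return 0;
}
```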

This is the second time Lenovo has moved to address UEFI security vulnerabilities since the start of the year. In April, the company resolved three flaws (CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972), also discovered by Smolár, that could have been abused to deploy and execute firmware implants.

Users of impacted devices are highly recommended to update their firmware to the latest version to mitigate potential threats.


