Three buffer overflow vulnerabilities have been identified in the UEFI firmware used in a number of laptops manufactured by Lenovo. Attackers can exploit them in an attempt to gain control of the Windows installation at boot.
An advisory has been issued by Lenovo stating that they have discovered three vulnerabilities classified as medium severity.
The ReadyBootDxe driver is responsible for some of the issues found in Lenovo laptops. The last two cases are buffer overflow bugs in the SystemLoadDefaultDxe driver.
There are a few models that use this second driver, including:
- Lenovo S940 lines
The problem affected more than 70 individual models in total. An attacker might be able to exploit these flaws to hijack the execution flow of the operating system and then disable security features.
The BIOS of Lenovo laptops has the following vulnerabilities:
- CVE-2022-1890: A buffer overflow has been identified in the ReadyBootDxe driver of certain Lenovo laptop products, which may allow an attacker with local privileges to execute arbitrary code.
- CVE-2022-1891: A buffer overflow has been identified in the SystemLoadDefaultDxe driver of certain Lenovo laptops, which may allow an attacker with local privileges to execute arbitrary code.
- CVE-2022-1892: A buffer overflow has been identified in the SystemBootManagerDxe driver of certain Lenovo laptop products, which may allow an attacker with local privileges to execute arbitrary code.
The possibility of an attack on the UEFI system firmware is exceedingly dangerous. Since these attacks allow attackers to execute malware early in an operating system’s boot process, they are significantly harmful.
Affected devices should be updated to the latest driver version as soon as possible to address the security risk. There is a Lenovo software download portal where you can find all the latest updates for your Lenovo laptop.
If you’re having trouble determining which model you have, you can also use Lenovo’s online auto-detector instead.