4 matches found
CVE-2021-3970
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code...
CVE-2021-3970
CVE-2021-3970 applies to Lenovo notebook firmware. The issue is a memory corruption in the LenovoVariable SMI Handler caused by insufficient validation, potentially allowing a local attacker with elevated privileges to execute arbitrary code in BIOS/SMM. Lenovo and advisories note affected models...
Lenovo issues fixes for laptop backdoors
Researchers have discovered three vulnerabilities affecting various Lenovo consumer laptop models. The vulnerabilities were found in UEFI firmware drivers originally meant to be used only during the manufacturing process, along with a vulnerability in the SW SMI handler function. The list of...
New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops
Three high-impact Unified Extensible Firmware Interface UEFI security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices. Tracked as CVE-2021-3970, CVE-2021-3971, and...