4 matches found
CVE-2021-3972
CVE-2021-3972 describes a Lenovo UEFI/BIOS vulnerability where a manufacturing-time driver was not deactivated in some consumer Lenovo notebooks, allowing an attacker with elevated privileges to modify an NVRAM variable and hence change Secure Boot settings. Impact can include disabling Secure Bo...
Lenovo issues fixes for laptop backdoors
Researchers have discovered three vulnerabilities affecting various Lenovo consumer laptop models. The vulnerabilities were found in UEFI firmware drivers originally meant to be used only during the manufacturing process, along with a vulnerability in the SW SMI handler function. The list of...
CVE-2021-3972
creationtimestamp| type| source ---|---|--- 2022-04-20 03:02:52+00:00| seen| https://t.me/SecLabNews/11982 2022-04-20 08:39:20+00:00| seen| https://t.me/cKure/9392 2022-04-20 11:50:25+00:00| seen| https://t.me/truesecator/2866 2022-04-20 15:13:05+00:00| seen| https://t.me/NeKaspersky/2140...
New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops
Three high-impact Unified Extensible Firmware Interface UEFI security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices. Tracked as CVE-2021-3970, CVE-2021-3971, and...