Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices.
Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two "affect firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks," ESET researcher Martin Smolár said in a report published today.
"Unfortunately, they were mistakenly included also in the production BIOS images without being properly deactivated," Smolár added.
Successful exploitation of the flaws could permit an attacker to disable SPI flash protections or Secure Boot, effectively granting the adversary the ability to install persistent malware that can survive system reboots.
CVE-2021-3970, on the other hand, relates to a case of memory corruption in the System Management Mode (SMM) of the firmware, leading to the execution of malicious code with the highest privileges.
The three flaws were reported to the PC maker on October 11, 2021, following which patches were issued on April 12, 2022. A summary of the three flaws as described by Lenovo is below -
The weaknesses, which impact Lenovo Flex; IdeaPads; Legion; V14, V15, and V17 series; and Yoga laptops, add to the disclosure of as many as 50 UEFI firmware vulnerabilities in Insyde Software's InsydeH2O, HP, and Dell since the start of the year.
Included in the list are six severe flaws in HP's firmware affecting laptops and desktops that, if successfully exploited, could allow attackers to locally escalate to SMM privileges and trigger a denial-of-service (DoS) condition.
"UEFI threats can be extremely stealthy and dangerous," Smolár said. "They are executed early in the boot process, before transferring control to the operating system, which means that they can bypass almost all security measures and mitigations higher in the stack that could prevent their OS payloads from being executed."