Lenovo has fixed BIOS vulnerabilities in hundreds of PC and laptop models

Lenovo has released an update to fix several serious BIOS vulnerabilities affecting hundreds of devices across Desktop, All in One, IdeaCentre, Legion, ThinkCentre, ThinkPad, ThinkAgile, ThinkStation and ThinkSystem models.

Exploiting these vulnerabilities can lead to information disclosure, privilege escalation, denial of service and, under certain circumstances, the execution of arbitrary code.

Lenovo's patch bulletin lists the following vulnerabilities:

  • CVE-2021-28216: a pointer vulnerability in the TianoCore EDK II BIOS (the UEFI reference implementation) that allows an attacker to escalate privileges and execute arbitrary code;
  • CVE-2022-40134: an information leak in the Set BIOS Password SMI handler that allows an attacker to read SMM memory;
  • CVE-2022-40135: a vulnerability in the Smart USB Protection SMI handler that allows an attacker to read SMM memory;
  • CVE-2022-40136: an information leak in the SMI handler used to configure platform settings via WMI that allows an attacker to read SMM memory;
  • CVE-2022-40137: a buffer overflow in the WMI SMI handler that allows an attacker to execute arbitrary code.

System Management Mode (SMM) is the part of the UEFI firmware that provides system-wide functions such as low-level hardware management and power management. UEFI (Unified Extensible Firmware Interface) is the firmware interface that runs when a computer starts, initializing the hardware components and then handing control to the operating system stored on disk.

Code running in SMM can reach the operating system, RAM and storage resources, which is why both AMD and Intel have developed SMM isolation mechanisms to protect user data from low-level threats.
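The SMM memory reads listed above share a pattern: an SMI handler consumes a pointer and length supplied from outside SMM and touches that memory without checking where it points. The following user-space simulation is an added example, not Lenovo's or TianoCore's code, of the range check a handler must perform before servicing such a request; the SMRAM window, the comm-buffer layout and the handler name are constructed for illustration.

```c
#include <stdint.h>
#include <stdbool.h>

/* Constructed SMRAM window for the simulation (real SMRAM is a
 * firmware-reserved physical range such as TSEG, not these values). */
#define SMRAM_BASE   0x7F000000ULL
#define SMRAM_SIZE   0x00800000ULL   /* 8 MiB */

/* Hypothetical layout of the communication buffer an OS-side caller
 * hands to the handler: a pointer and a length, both caller-controlled. */
typedef struct {
    uint64_t buffer;   /* physical address supplied by the caller */
    uint64_t length;   /* byte count supplied by the caller */
} comm_buffer_t;

typedef enum { SMI_OK = 0, SMI_INVALID_PARAMETER = 1 } smi_status_t;

/* True only if [addr, addr+len) is non-empty, does not wrap around the
 * 64-bit address space, and does not overlap SMRAM.  A handler that reads
 * from or writes to the caller's pointer without this check lets the caller
 * read (or corrupt) SMM memory, which is the bug class behind the SMI
 * handler entries above. */
bool buffer_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0)
        return false;
    if (addr > UINT64_MAX - len)          /* addr + len would wrap */
        return false;
    uint64_t end = addr + len;            /* exclusive end of the range */
    uint64_t smram_end = SMRAM_BASE + SMRAM_SIZE;
    /* No overlap only if the range lies entirely below or above SMRAM. */
    return end <= SMRAM_BASE || addr >= smram_end;
}

/* Hardened handler skeleton: snapshot the untrusted header into SMM-local
 * storage first (so the caller cannot change it between check and use),
 * then validate before any copy.  The copy itself is omitted so the file
 * runs stand-alone. */
smi_status_t handle_smi(const comm_buffer_t *comm)
{
    comm_buffer_t local = *comm;          /* single fetch, no double read */
    if (!buffer_outside_smram(local.buffer, local.length))
        return SMI_INVALID_PARAMETER;     /* refuse to touch SMRAM */
    /* ... service the request using local.buffer / local.length here ... */
    return SMI_OK;
}
```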

Lenovo has addressed the issues in the latest BIOS updates for the affected products; most of the patches released so far became available in July and August 2022.

Additional fixes are expected by the end of September and in October, and a small number of models will not receive updates until next year.

A full list of affected computer models and BIOS firmware versions addressing each vulnerability is included in the security bulletin with links to the download portal for each model.

In addition, owners of Lenovo computers can go to the Drivers and Software portal, search for their product by name, select "Manual Update" and download the latest available BIOS firmware version.

In July, it became known that more than 70 Lenovo laptop models were affected by a serious UEFI firmware vulnerability caused by a buffer overflow. The problem was discovered by security researchers at ESET, who rated the vulnerability as medium severity.
