Three buffer overflow vulnerabilities have been identified in the UEFI firmware used in a number of laptops made by Lenovo and can be exploited by attackers for the purpose of taking control of windows installation during startup.
An advisory has been issued by Lenovo advising that they have discovered three vulnerabilities that are classified as medium severity.
It is the ReadyBootDxe driver that is responsible for some of the issues found in Lenovo notebooks. In the last two cases, the driver SystemLoadDefaultDxe has overflow bugs due to a buffer overflow.
There are a few models that use this second driver, including:
- Yoga
- IdeaPad
- Flex
- ThinkBook
- V14
- V15
- V130
- Slim
- S145
- S540
- S940 Lenovo lines
The problem affects over 70 individual models in total. The attacker might be able to exploit these flaws in order to hijack the execution flow of the OS and then disable the security features by leveraging them.
Vulnerabilities Detected
Lenovo Notebook BIOS has been reported to have the following vulnerabilities:-
- CVE-2022-1890: A buffer overflow has been identified in the ReadyBootDxe driver in some Lenovo notebook products which may allow an attacker with local privileges to execute arbitrary code.
- CVE-2022-1891: A buffer overflow has been identified in the SystemLoadDefaultDxe driver in some Lenovo notebook products which may allow an attacker with local privileges to execute arbitrary code.
- CVE-2022-1892: A buffer overflow has been identified in the SystemBootManagerDxe driver in some Lenovo notebook products which may allow an attacker with local privileges to execute arbitrary code.
The possibility of an attack on the firmware of the UEFI system is excessively dangerous. Since these attacks enable attackers to execute malware early in the boot process of an operating system, it is significantly harmful.
Mitigation
The affected devices should be updated to the most recent driver version as soon as possible in order to address the security risk. There is a Lenovo software download portal where you can find all the latest updates for your Lenovo laptop.
You can also use Lenovo’s automatic online detector instead of trying to figure out what model your computer is if you have trouble determining what model you have.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates.