New UEFI Firmware Bugs in Lenovo Notebook Models Let Hackers Perform RCE

Three buffer overflow vulnerabilities have been identified in the UEFI firmware used in a number of Lenovo laptops. Attackers can exploit them to take control of the Windows installation during startup.

Lenovo has issued an advisory stating that it has discovered three vulnerabilities, which are classified as medium severity.

The ReadyBootDxe driver is responsible for some of the issues found in Lenovo notebooks. In the last two cases, the buffer overflow bugs are in the SystemLoadDefaultDxe driver.

Several Lenovo lines use this second driver, including:

  • Yoga
  • IdeaPad
  • Flex
  • ThinkBook
  • V14
  • V15
  • V130
  • Slim
  • S145
  • S540
  • S940

The problem affects over 70 individual models in total. An attacker might be able to exploit these flaws to hijack the execution flow of the OS and then disable its security features.

Vulnerabilities Detected

Lenovo Notebook BIOS has been reported to have the following vulnerabilities:

  • CVE-2022-1890: A buffer overflow has been identified in the ReadyBootDxe driver in some Lenovo notebook products which may allow an attacker with local privileges to execute arbitrary code. 
  • CVE-2022-1891: A buffer overflow has been identified in the SystemLoadDefaultDxe driver in some Lenovo notebook products which may allow an attacker with local privileges to execute arbitrary code. 
  • CVE-2022-1892: A buffer overflow has been identified in the SystemBootManagerDxe driver in some Lenovo notebook products which may allow an attacker with local privileges to execute arbitrary code.

An attack on UEFI firmware is extremely dangerous, because it enables attackers to execute malware early in the boot process of an operating system.

Mitigation

Affected devices should be updated to the most recent driver version as soon as possible to address the security risk. The latest updates for your Lenovo laptop are available from the Lenovo software download portal.

If you have trouble determining which model you have, you can use Lenovo's automatic online detector instead.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.