Lenovo again has problems with vulnerabilities in dozens of notebook models. ESETResearch has discovered vulnerabilities that can be used to bypass the secure UEFI Secure Boot. Lenovo reacted immediately and is providing patches. The vulnerabilities have a severity of High!
ESETResearch has discovered 3 vulnerabilities in the UEFI firmware of several Lenovo notebooks and reported them to the manufacturer. The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases easily from an operating system. Already in April of this year and also again in September Lenovo had to report vulnerabilities in notebooks. If you missed these updates, you should make up for them.
Vulnerabilities in UEFI Secure Boot
Lenovo thanked ESET for the information about the vulnerabilities and immediately worked out updates for them. They are available for users on the Lenovo website. A few dozen models are affected. Lenovo describes the vulnerabilities as follows:
CVE-2022-3430
A potential vulnerability in the WMI setup driver on some Lenovo notebook consumer devices could allow an elevated attacker to change the Secure Boot setting by modifying an NVRAM variable.
CVE-2022-3431
A potential vulnerability in a driver used on some Lenovo notebook consumer devices during the manufacturing process, which was inadvertently not disabled, could allow an elevated attacker to override the Secure Boot setting by modifying an NVRAM variable.
CVE-2022-3432
A potential vulnerability in a driver used on the Ideapad Y700-14ISK during the manufacturing process that was incorrectly not disabled could allow an elevated attacker to override the secure boot setting by modifying an NVRAM variable.
Who is affected and who is not?
Lenovo provides a detailed list of which models are affected by which vulnerability. Sometimes there are several, sometimes just one. Well-known product lines are affected, such as IdeaPad 5, Lenovo Slim 7, Thinkbook, Yoga, Yoga Slim. The update is recommended for all users because the severity of the vulnerabilities is classified as high.
More at Lenovo.com