New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops

ESET, a cybersecurity firm, has discovered new Lenovo UEFI firmware vulnerabilities that affect millions of laptops. The vulnerabilities, which impact numerous Lenovo laptops, enable bad actors to deploy and execute firmware implants on the affected devices.

The vulnerabilities are tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972. ESET researcher Martin Smolár said in a report published today that the latter two “affect firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks.”

He added, “Unfortunately, they were mistakenly included also in the production BIOS images without being properly deactivated.”

Once the flaws are successfully exploited, attackers can disable SPI flash protections or Secure Boot, effectively granting the adversary the ability to install persistent malware that can survive system reboots.

CVE-2021-3970 deals with memory corruption in the System Management Mode (SMM) of the firmware, leading to the execution of malicious code with the highest privileges.

According to Lenovo, the flaws were reported on October 11, 2021, and patches were issued on April 12, 2022. Lenovo briefly describes the three vulnerabilities as follows.

  1. CVE-2021-3970 – A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
  2. CVE-2021-3971 – A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify the firmware protection region by modifying an NVRAM variable.
  3. CVE-2021-3972 – A potential vulnerability by a driver used during the manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot settings by modifying an NVRAM variable.
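
Because CVE-2021-3971 and CVE-2021-3972 are both triggered by modifying an NVRAM variable, a defender can audit that surface from the running OS. The following is an added example, not code from ESET or Lenovo: it parses Linux efivarfs entries, reports the Secure Boot state, and flags non-volatile, runtime-accessible variables that are missing from a known-good baseline. It assumes efivarfs is mounted at `/sys/firmware/efi/efivars` and that a baseline set of variable names exists; the sample data is constructed and `ExampleVendorVar` is a placeholder name.

```python
import os
import struct

EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e0981a3c2c"  # EFI global variable GUID (UEFI spec)
NV, BS, RT = 0x1, 0x2, 0x4  # NON_VOLATILE, BOOTSERVICE_ACCESS, RUNTIME_ACCESS

def parse_efivar(raw):
    """An efivarfs file is a 4-byte little-endian attribute word, then the data."""
    if len(raw) < 4:
        raise ValueError("truncated efivarfs entry")
    return struct.unpack("<I", raw[:4])[0], raw[4:]

def load_efivars(path="/sys/firmware/efi/efivars"):
    """Read every variable on a live Linux system (assumed mount point)."""
    out = {}
    for name in os.listdir(path):
        try:
            with open(os.path.join(path, name), "rb") as f:
                out[name] = f.read()
        except OSError:
            continue  # some variables are unreadable without root
    return out

def audit(current, baseline_names):
    """Return Secure Boot state and NV+RT variables absent from the baseline."""
    report = {"secure_boot": None, "setup_mode": None, "new_nv_rt": []}
    for name, raw in sorted(current.items()):
        try:
            attrs, data = parse_efivar(raw)
        except ValueError:
            continue  # skip entries too short to carry an attribute word
        if name == "SecureBoot-" + EFI_GLOBAL and data:
            report["secure_boot"] = data[0] == 1
        elif name == "SetupMode-" + EFI_GLOBAL and data:
            report["setup_mode"] = data[0] == 1
        if name not in baseline_names and attrs & NV and attrs & RT:
            report["new_nv_rt"].append(name)
    return report

# Constructed sample data; the ExampleVendorVar name and GUID are placeholders.
SAMPLE = {
    "SecureBoot-" + EFI_GLOBAL: struct.pack("<I", BS | RT) + b"\x00",
    "SetupMode-" + EFI_GLOBAL: struct.pack("<I", BS | RT) + b"\x00",
    "BootOrder-" + EFI_GLOBAL: struct.pack("<I", NV | BS | RT) + b"\x00\x00",
    "ExampleVendorVar-00000000-0000-0000-0000-000000000000":
        struct.pack("<I", NV | BS | RT) + b"\x01",
}
BASELINE = {n for n in SAMPLE if not n.startswith("ExampleVendorVar")}

if __name__ == "__main__":
    print(audit(SAMPLE, BASELINE))
```

On a real host, pass `load_efivars()` as `current` and a name set recorded after a trusted firmware update as `baseline_names`; a clean result does not replace installing Lenovo's patched firmware.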

The vulnerabilities impact Lenovo Flex; IdeaPads; Legion; V14, V15, and V17 series; and Yoga laptops. Additionally, around 50 firmware vulnerabilities have been disclosed in Insyde Software’s InsydeH2O, HP UEFI, and Dell since the start of the year.

ESET researchers added, “UEFI threats can be extremely stealthy and dangerous. They are executed early in the boot process, before transferring control to the operating system, which means that they can bypass almost all security measures and mitigations higher in the stack that could prevent their OS payloads from being executed.”
