news

Security issues in UEFI affetcted 70 lenovo models laptop

Security issues in UEFI affected 70 Lenovo models laptop

ESET experts have revealed that 70 models of Lenovo laptops are prone to UEFI (Unified Extensible Firmware Interface)/BIOS ( Basic Input/Output System) which is very dangerous, if so the attackers can easily execute their arbitrary code in security alert because it allows them to run the operating system, this not only allows it to be manipulated in any way but may also allow the system’s security mechanisms to be disabled.

UEFI

Lenovo company has highlighted all three CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892 and told that they have also issued more security advisories, the company said that we have already been given security by our developers and published a bulletin and a table of products and provided complete information about.

According to analytics of ESETs that discovered all three bugs told Lenovo could be risky because the attackers could take advantage of this vulnerability to hijack the OS execution flow as well as disable security features.

ESET revealed through a tweet that the only vulnerability it found was insufficient validation of the dataSize parameter passed to the RuntimeServices method GetVariable and that an attacker who has a good grasp of all these things could easily create NVRAM variables and the second may call GetVariable and that’s why the data buffer may overflow.

Given all this, Lenovo has warned users that Retbleed is a new speculative execution affecting devices with AMD CPUs and Intel that’s why users need to be very careful. Not only this, Lenovo company has given advice while addressing all the people who use the XClarity Controller server and also some companies affecting the manufacturers.

Although firmware defects are a very common occurrence, it is not such a big issue that many researchers have found many vulnerabilities in third-party components used by many such manufacturers.

If you are also in a dilemma as to which model you should be using, then Lenovo can provide to be a good option for you because it provides an automatic online detector for its users which will help you a lot.

About the author

Christopher Edwards

Hey This is Chris, I am a Malware researcher and security analyst. I love to find out about new threats and viruses and I started this website to teach people how to stay safe online. You will get all the latest malware removal tips and tricks here. You can also ask for any virus related problem in comment section or through our contact page.