Millions of Laptops Impacted by Lenovo UEFI Firmware Vulnerabilities

Researchers have recently identified three high-impact UEFI firmware vulnerabilities in various Lenovo consumer laptop models. By successfully exploiting these flaws, threat actors can deploy and execute firmware implants on the impacted devices.

More Details on the Lenovo UEFI Firmware Vulnerabilities

According to ESET researcher Martin Smolár’s report, the following CVEs were assigned to these flaws:

CVE-2021-3970, CVE-2021-3971, CVE-2021-3972,

with the last two affecting firmware drivers initially designed solely for use “during the production process of Lenovo consumer notebooks.”

By successfully abusing the Lenovo UEFI firmware vulnerabilities, attackers may be able to disable SPI flash safeguards or Secure Boot, effectively allowing them to install persistent malware that survives a system reboot.

The first two of these vulnerabilities – CVE-2021-3971, CVE-2021-3972 – affect UEFI firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks. Unfortunately, they were also mistakenly included in the production BIOS images without being properly deactivated. These affected firmware drivers can be activated by an attacker to directly disable SPI flash protections (BIOS Control Register bits and Protected Range registers) or the
