Lenovo has published a security advisory to warn customers of vulnerabilities that affect the Unified Extensible Firmware Interface (UEFI) firmware loaded on at least 100 of its notebook models, including IdeaPad 3, Legion 5 Pro-16ACH6 H, and Yoga Slim 9-14ITL05.
“The following vulnerabilities were reported in Lenovo Notebook BIOS,” reads the advisory published by Lenovo.
The three flaws were reported by ESET researchers to Lenovo in October.
Secure Boot is a security standard developed by members of the PC industry to ensure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM).
The third vulnerability, tracked as CVE-2021-3970, can be exploited by a local attacker to execute arbitrary code with elevated privileges.
The vulnerabilities affecting the Lenovo UEFI result from the use of two UEFI firmware drivers, named SecureBackDoor and SecureBackDoorPeim respectively. Both drivers are used only during the manufacturing process.
“ESET researchers have discovered and analyzed three vulnerabilities affecting various Lenovo consumer laptop models. The first two of these vulnerabilities – CVE-2021-3971, CVE-2021-3972 – affect UEFI firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks,” reads the advisory published by ESET. “Unfortunately, they were mistakenly included also in the production BIOS images without being properly deactivated.”
The researchers pointed out that UEFI vulnerabilities are very insidious because they could be exploited by threat actors to deploy stealthy implants that are able to bypass security protections that operate at the OS level.
“All of the real-world UEFI threats discovered in recent years (LoJax, MosaicRegressor, MoonBounce, ESPecter, FinSpy) needed to bypass or disable the security mechanisms in some way in order to be deployed and executed. However, only in the case of LoJax, the first in-the-wild UEFI rootkit (discovered by ESET Research in 2018), do we have a clue how it was done – by using the ReWriter_binary capable of exploiting the Speed Racer vulnerability,” concludes ESET. “Our discovery, together with the above-mentioned ones, demonstrates that in some cases, deployment of UEFI threats might not be as difficult as expected, and the larger number of real-world UEFI threats discovered in the last years suggests that adversaries are aware of this.”
(SecurityAffairs – hacking, Lenovo)