Lenovo has released security updates to address a couple of high-severity vulnerabilities impacting various ThinkBook, IdeaPad, and Yoga laptop models. An attacker can exploit the flaws to disable UEFI Secure Boot.
Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1 designed to detect tampering with boot loaders, key operating system files, and unauthorized option ROMs by validating their digital signatures. “Detections are blocked from running before they can attack or infect the system specification.”
An attacker who is able to bypass Secure Boot could bypass any security measure running on the machine and achieve persistence even if the OS is reinstalled.
The root cause of the flaws is a vulnerable driver that was used during the manufacturing process for some Lenovo devices and was mistakenly not deactivated.
Below are the vulnerabilities that were reported in Lenovo Notebook BIOS.
The vulnerabilities were reported to the vendor by Martin Smolár from ESET.
“While disabling UEFI Secure Boot allows direct execution of unsigned UEFI apps, restoring factory default dbx enables the use of known vulnerable bootloaders (e.g., #CVE-2022-34301 found by @eclypsium) to bypass Secure Boot, while keeping it enabled.” reads one of the tweets published by ESET.
The experts pointed out that an attacker can trigger the flaws simply by creating special NVRAM variables. The researcher Nikolaj Schlej recently posted a nice explanation of why and how firmware developers should avoid storing security-sensitive components in NVRAM variables.
Owners of affected devices are strongly advised to update to the latest firmware version. The Lenovo advisory can be used to determine whether a device is affected by these vulnerabilities and to obtain firmware update instructions.
The firmware versions that fix the vulnerabilities are listed under the CVE IDs, so make sure to upgrade to the listed version or later.
For official Lenovo software, check out this online support portal or run the update tool pre-installed on your computer.
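Added example (not from the article, ESET, or Lenovo): a Linux-side check for the two outcomes the ESET tweet describes, Secure Boot switched off or dbx restored to a smaller factory default. It assumes efivarfs is mounted at /sys/firmware/efi/efivars; `baseline_dbx_entries` is a hypothetical count you recorded from a known-good state, and `sample_dbx` builds constructed test data.

```python
import struct
import uuid

EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"             # SecureBoot
EFI_IMAGE_SECURITY_DB = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"  # db, dbx

def parse_efivar(blob):
    """efivarfs file = 4-byte little-endian attribute mask + variable data."""
    if len(blob) < 4:
        raise ValueError("efivarfs entry shorter than its attribute header")
    return struct.unpack_from("<I", blob)[0], blob[4:]

def count_signatures(data):
    """Count entries across the concatenated EFI_SIGNATURE_LIST structures."""
    total, off = 0, 0
    while off < len(data):
        if len(data) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        body = list_size - 28 - hdr_size
        if sig_size == 0 or body < 0 or body % sig_size or off + list_size > len(data):
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        total += body // sig_size
        off += list_size
    return total

def audit(read_var, baseline_dbx_entries):
    """read_var(name, guid) returns raw efivarfs bytes or None; baseline is an assumed known-good count."""
    findings = []
    sb = read_var("SecureBoot", EFI_GLOBAL)
    if sb is None or parse_efivar(sb)[1][:1] != b"\x01":
        findings.append("Secure Boot is not enabled")
    dbx = read_var("dbx", EFI_IMAGE_SECURITY_DB)
    entries = count_signatures(parse_efivar(dbx)[1]) if dbx else 0
    if entries < baseline_dbx_entries:
        findings.append(f"dbx has {entries} entries, baseline is {baseline_dbx_entries}")
    return findings

def read_efivarfs(name, guid, root="/sys/firmware/efi/efivars"):
    try:
        with open(f"{root}/{name}-{guid}", "rb") as f:
            return f.read()
    except OSError:
        return None

def sample_dbx(n):
    """Constructed test data: one SHA-256 signature list with n zeroed entries."""
    sha256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328").bytes_le
    return struct.pack("<I", 0x27) + sha256 + struct.pack("<III", 28 + 48 * n, 0, 48) + bytes(48 * n)
```

On a live system, call `audit(read_efivarfs, baseline_dbx_entries=N)` with your recorded count; an empty list means both checks passed.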
(SecurityAffairs – hacking, Secure Boot)