Millions of Laptop Computers Affected by Lenovo UEFI Firmware Flaws

  • By Patrick Ryan
  • Apr 20, 2022

Vulnerabilities in Unified Extensible Firmware Interface (UEFI) firmware have put Lenovo laptop computers at risk. A total of three UEFI security flaws have been identified in Lenovo laptops sold to consumers.

Why Are the Firmware Flaws a Problem?

The security flaws empower harmful actors to implement and activate firmware implants in targeted devices. The firmware flaws have the identifiers of CVE-2021-3972, CVE-2021-3972, and CVE-2021-3970. Two of the firmware flaws compromise firmware drivers intended to be used during the Lenovo laptops’ manufacturing processes. The details about the firmware vulnerabilities were provided by Martin Smolar, a digital security specialist with the ESET. Smolar’s report pertaining to the Lenovo firmware flaws was released earlier this week.

According to Smolar, the firmware drivers in question were errantly included within production BIOS images and not deactivated as they should have been. If the digital security flaws are successfully exploited, they could potentially allow a digital miscreant to disable the Secure Boot function and/or protections for SPI flash, providing the hacker with the power to add lasting malware that sticks even amidst system reboots.

UEFI threats are problematic as they are executed during the booting of the computer prior to transferring control to the computer’s underlying operating system. In other words, UEFI threats can metaphorically sidestep digital security protections that are meant to halt OS payload execution.

Are There any Differences Between the Firmware Flaws?

Yes. The CVE-2021-3970 firmware flaw is different from the other two vulnerabilities as it pertains to an instance of memory corruption within the firm’s SMM, short for System Management Mode, spurring the transmission of harmful code with elevated privileges.  

Lenovo’s security team has provided additional details about each of the three firmware flaws. Lenovo’s team describes CVE-2021-3970 as a weakness within the Variable SMI Handler resulting from the lack of validation within Lenovo Notebooks that might empower digital hackers to execute an arbitrary code through their local access and heightened privileges.

The Lenovo security team also provided details about CVE-2021-3972, stating it is a vulnerability exploited with the use of a driver in the manufacturing process of specific laptops. This flaw was not properly deactivated, setting the stage for a digital criminal with heightened privileges to alter the secure boot by changing the variable referred to as NVRAM.

Lenovo’s digital security specialists also expounded on CVE-2021-3971, stating it is a driver flaw in comparable older manufacturing processes on Lenovo laptops that errantly contained the BIOS image, permitting hackers with the proper privileges to alter the region of firmware protection by way of the aforementioned NVRAM.

When Were the Firmware Flaws Identified?

The three firmware vulnerabilities were initially publicized in mid-October of 2021.  

How Did Lenovo Respond to the Reported Firmware Vulnerabilities?

Lenovo’s security specialists responded to the reported firmware flaws by issuing patches in the second week of April 2022. In other words, it took Lenovo more than six months to provide the proper patching necessary to overcome the security flaws.  

Which Specific Laptops are Affected?

The affected Lenovo laptop models include Yoga, V17, V15, V14, Legion, IdeaPads, and Lenovo Flex. However, those who use other laptops made by Dell, HP, Insyde, UEFI, and INsydeH2O should also be aware that those computer specialists also revealed firmware vulnerabilities earlier this year.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “Alien ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

Flagstar Bank Breach Impacts More Than a Million Customers

Flagstar Bank Breach Impacts More Than a Million Customers

Flagstar Bank is in the news for the wrong reason. The bank recently publicized the fact that it discovered a digital breach.

Weekly Recap June 24 2022

Weekly Recap June 24 2022

We are nearly halfway through 2022. News stories detailing hacks and other digital breaches continue to roll in on a daily basis.

Cybercrime Related to Travel Soars at the Year’s Halfway Point

Cybercrime Related to Travel Soars at the Year’s Halfway Point

There has been a significant spike in tourism following the gradual decline of the coronavirus pandemic.  The increase in travel has caught the attention of digital miscreants looking to scam tourists as well as travel services providers.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.