September 26, 2023

Researchers has identified three vulnerabilities have been discovered in the UEFI firmware of several Lenovo notebooks.

Tracked CVE-2022-3430, CVE-2022-3431 and CVE-2022-3432, affecting various Lenovo Yoga, IdeaPad and ThinkBook devices.

The first of the vulnerabilities is a flaw in the WMI Setup driver, which may allow an attacker with elevated privileges to modify secure boot settings by changing a non-volatile random-access memory (NVRAM) variable.

The CVE-2022-3431 and CVE-2022-3432, are vulnerabilities in a driver that was mistakenly not deactivated during the manufacturing process and may also allow an attacker with elevated privileges to modify secure boot settings by changing an NVRAM variable.

Advertisements

While disabling UEFI Secure Boot allows direct execution of unsigned UEFI apps, restoring factory default dbx enables the use of known vulnerable bootloaders to bypass Secure Boot while keeping it enabled. As in our previous discovery, current vulnerabilities weren’t caused by flaws in the code. The affected drivers were meant to be used only during the manufacturing process but were mistakenly included in the production.

The advisory details mitigation strategies for all three vulnerabilities but clarifies that for CVE-2022-3432, the Ideapad Y700-14ISK has reached end-of-development support, and no fixes will be released.

Researchers has confirmed it reported the flaws to Lenovo, which promptly released a patch for most of them.

This research was documented by researchers from ESET

Leave a Reply

%d bloggers like this: