September 26, 2023

Researchers has identified three vulnerabilities have been discovered in the UEFI firmware of several Lenovo notebooks.

Tracked CVE-2022-3430, CVE-2022-3431 and CVE-2022-3432, affecting various Lenovo Yoga, IdeaPad and ThinkBook devices.

The first of the vulnerabilities is a flaw in the WMI Setup driver, which may allow an attacker with elevated privileges to modify secure boot settings by changing a non-volatile random-access memory (NVRAM) variable.

The CVE-2022-3431 and CVE-2022-3432, are vulnerabilities in a driver that was mistakenly not deactivated during the manufacturing process and may also allow an attacker with elevated privileges to modify secure boot settings by changing an NVRAM variable.

Advertisements

While disabling UEFI Secure Boot allows direct execution of unsigned UEFI apps, restoring factory default dbx enables the use of known vulnerable bootloaders to bypass Secure Boot while keeping it enabled. As in our previous discovery, current vulnerabilities weren’t caused by flaws in the code. The affected drivers were meant to be used only during the manufacturing process but were mistakenly included in the production.

The advisory details mitigation strategies for all three vulnerabilities but clarifies that for CVE-2022-3432, the Ideapad Y700-14ISK has reached end-of-development support, and no fixes will be released.

Researchers has confirmed it reported the flaws to Lenovo, which promptly released a patch for most of them.

This research was documented by researchers from ESET

Tags:

Leave a Reply

You may have missed

Sony attack – Ransomed.vc claims responsibility

September 26, 2023

Chrome Zeroday – CVE-2023-4863 PoC Exploit Released

September 25, 2023

BlackCat adds Clarion to its Victim list

September 24, 2023

TheCyberThrone Security Week In Review – September 23, 2023

September 24, 2023

MGM Resorts and Ceasars Attacks – Lesson Learnt

September 23, 2023

CISA KEV Update September 2023 – Part II

September 23, 2023
%d bloggers like this: