Lenovo has released updates addressing vulnerabilities found in the UEFI firmware of Yoga, IdeaPad, and ThinkBook devices. UEFI is the software layer between the operating system and the firmware embedded in the device's hardware, and it is responsible for starting the operating system when the device is powered on. That position makes UEFI a highly attractive attack surface for threat actors who want to deploy malware that is hard to detect and remove.
Here are the details of the vulnerabilities, which could be used by threat actors to disable Secure Boot, a security mechanism designed to prevent malicious programs from loading during the boot process:
- The vulnerability tracked as CVE-2022-3430 affects the WMI Setup driver on certain Lenovo Notebook PC devices and allows a threat actor with elevated privileges to change Secure Boot settings by modifying an NVRAM variable.
- The vulnerability tracked as CVE-2022-3431 affects a driver used during the manufacturing process on certain Lenovo Notebook PC devices that was mistakenly not disabled, and could allow a threat actor with elevated privileges to change the Secure Boot setting by modifying an NVRAM variable.
- The vulnerability tracked as CVE-2022-3432 affects a driver used during the manufacturing process on the IdeaPad Y700-14ISK that was mistakenly not disabled, and could allow a threat actor with elevated privileges to change the Secure Boot setting by modifying an NVRAM variable.
After the vulnerabilities were discovered by an ESET security researcher, Lenovo announced that it had taken action to fix them. However, Lenovo has stated that it does not plan to release a fix for CVE-2022-3432, because the affected model has reached end of life (EoL). Users of the other affected devices are therefore advised to update their firmware to the latest version so that they are not exposed to attacks exploiting these vulnerabilities.
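Whatever NVRAM variable a vendor driver honours, the state the firmware actually enforces is what it reports to the operating system through the standard SecureBoot and SetupMode variables, so that is the value worth recording at every boot and alerting on when it flips. The following added example (not code from Lenovo's advisory or from the ESET research) reads those variables the way Linux exposes them in efivarfs; the mount path and the sample variable files it builds for offline testing are assumptions/constructed, not captured from an affected device.

```python
"""Report the Secure Boot state the firmware exposes via efivarfs (Linux)."""
# Each efivarfs file = 4-byte little-endian attribute word + variable data.
import struct
import tempfile
from pathlib import Path

EFIVARS = Path("/sys/firmware/efi/efivars")          # assumed default efivarfs mount
EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFI_VARIABLE_NON_VOLATILE = 0x1                      # attribute bits from the UEFI spec
EFI_VARIABLE_BOOTSERVICE_ACCESS = 0x2
EFI_VARIABLE_RUNTIME_ACCESS = 0x4

def parse_efivar(blob: bytes):
    """Split an efivarfs record into (attributes, data)."""
    if len(blob) < 4:
        raise ValueError("efivarfs record shorter than its attribute header")
    (attrs,) = struct.unpack_from("<I", blob, 0)
    return attrs, blob[4:]

def read_flag(efivars: Path, name: str):
    """Return True/False for a one-byte boolean variable, None if it is absent."""
    path = efivars / f"{name}-{EFI_GLOBAL_VARIABLE_GUID}"
    if not path.exists():
        return None
    attrs, data = parse_efivar(path.read_bytes())
    # Spec: SecureBoot/SetupMode are volatile BS+RT; anything else is a red flag.
    if attrs & EFI_VARIABLE_NON_VOLATILE or not attrs & EFI_VARIABLE_RUNTIME_ACCESS:
        raise ValueError(f"{name}: unexpected attributes 0x{attrs:x}")
    return len(data) >= 1 and data[0] == 1

def secure_boot_status(efivars: Path = EFIVARS) -> dict:
    """Secure Boot is enforcing only if SecureBoot=1 and SetupMode=0."""
    sb, setup = read_flag(efivars, "SecureBoot"), read_flag(efivars, "SetupMode")
    return {"secure_boot": sb, "setup_mode": setup,
            "enforcing": sb is True and setup is False}

def constructed_efivars(root: Path, secure_boot: bool, setup_mode: bool) -> Path:
    """Write a constructed efivarfs directory for offline testing (not real data)."""
    root.mkdir(parents=True, exist_ok=True)
    attrs = struct.pack("<I", EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS)
    for name, val in (("SecureBoot", secure_boot), ("SetupMode", setup_mode)):
        (root / f"{name}-{EFI_GLOBAL_VARIABLE_GUID}").write_bytes(attrs + bytes([int(val)]))
    return root

def demo() -> dict:
    """Compare a healthy machine with one whose firmware now reports Secure Boot off."""
    tmp = Path(tempfile.mkdtemp())
    return {"healthy": secure_boot_status(constructed_efivars(tmp / "a", True, False)),
            "disabled": secure_boot_status(constructed_efivars(tmp / "b", False, False))}
```

On a live system, call `secure_boot_status()` with no argument (root is needed to read efivarfs on most distributions) and ship the result with your boot-time inventory so a change from enforcing to not enforcing stands out.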