Lenovo updates BIOS to patch security holes for hundreds of device models
The BIOS vulnerabilities are of high severity and affect hundreds of devices across different model lines (Desktop, All in One, IdeaCentre, Legion, ThinkCentre, ThinkPad, ThinkAgile, ThinkStation, ThinkSystem).
If exploited, these vulnerabilities can lead to information disclosure, privilege escalation, denial of service, and in some cases arbitrary code execution.
Vulnerabilities mentioned in Lenovo's security advisory include:
- CVE-2021-28216: Fixed-pointer flaw in TianoCore EDK II BIOS (UEFI's reference implementation), allowing hackers to elevate privileges and execute arbitrary code.
- CVE-2022-40135: Information leak in Smart USB Guard SMI Handler, allowing hackers to read SMM memory.
- CVE-2022-40136: Information leak in SMI Handler used to configure platform settings via WMI, allowing hackers to read SMM memory.
- CVE-2022-40137: Buffer Overflow in the WMI SMI Handler, allowing hackers to execute arbitrary code.
- American Megatrends security improvements (no CVE ID assigned).
SMM (System Management Mode, Ring -2) is part of the UEFI firmware that provides system-wide functions such as low-level hardware control and power management.
Access to SMM can extend to the operating system, RAM, and storage resources, which is why both AMD and Intel developed SMM isolation mechanisms to keep user data safe against low-level threats.
Remedies
Lenovo has fixed the issue in the latest BIOS updates for affected products. Most of the patches were released between July and August 2022.
Additional patches are expected to roll out in late September and October, while a small number of devices will receive the patch next year. To see the affected computer models and the BIOS firmware version that fixes each issue, consult Lenovo's security advisory.
Alternatively, Lenovo computer owners can visit Lenovo's software and driver download page, then search by product name, select manual update, and download the latest BIOS firmware version.