Lenovo updates BIOS to patch security holes for hundreds of device models
Chinese computer maker Lenovo has just released a security advisory to warn of several high-severity BIOS vulnerabilities.
The BIOS vulnerability is of high severity, affecting hundreds of devices of different models (Desktop, All in One, IdeaCentre, Legion, ThinkCentre, ThinkPad, ThinkAgile, ThinkStation, ThinkSystem).
If exploited, these vulnerabilities can lead to information disclosure, privilege escalation, denial of service, and in some cases arbitrary code execution.
Vulnerabilities mentioned in Lenovo's security advisory include:
- CVE-2021-28216: Fix pointer error in TianoCore EDK III BIOS (UEFI's reference implementation), allowing hackers to elevate privileges and execute arbitrary code.
- CVE-2022-40135: Information leak in Smart USB Guard SMI Handler, allowing hackers to read SMM memory.
- CVE-2022-40136: Information leak in SMI Handler used to configure platform settings via WMI, allowing hackers to read SMM memory.
- CVE-2022-40137: Buffer Overflow in the WMI SMI Handler, allowing hackers to execute arbitrary code.
- American Megatrends security improvements (no CVE code assigned).
SMM (Ring-2) is part of the UEFI firmware that provides system-wide functions such as low-level hardware control and power management.
Access to SMM can be extended to the operating system and RAM, and storage resources, which is why both AMD and Intel developed SMM isolation mechanisms to keep user data safe. against low-level threats.
Remedies
Lenovo has fixed the issue in the latest BIOS updates for affected products. Most of the patches were released between July and August 2022.
Additional patches are expected to roll out in late September and October while a small number of devices will receive the patch next year. To see the details of the affected computer models and the BIOS firmware version that fixes the corresponding issue, you can access Lenovo's security message board via the link below:
Alternatively, Lenovo computer owners can visit Lenovo's software and driver download page, then search by product name, select manual update, and download the latest BIOS firmware version.
You should read it
- How to Update BIOS Safe and Correct for Laptop or desktop
- Should I update the BIOS? 5 important notes when updating BIOS
- 5 tips for using the BIOS to help you master your computer
- How to Update Your Computer's BIOS
- Instructions for upgrading BIOS
- How to Update an ASUS BIOS
- Update the BIOS for the PC motherboard in 5 steps
- Detected a serious BIOS vulnerability, affecting many Intel processors
- Apple Patches Zero-Day Vulnerability That Could Let iPhones, iPads, and MacBooks Get Hacked
- AMD will release a Ryzen boost performance BIOS update
- Update the latest patch for Windows XP to prevent dangerous security risks
- Microsoft has released a critical update for Windows 10, users need to update now
Maybe you are interested
The 5 best apps and websites to watch classic movies How to change NAT type on Windows 11/10 The new default Office font is now available on Microsoft 365, with many notable additions 12 Safe, Free Software Download Sites for Linux Evaluate the Snapdragon 860 gaming performance on the POCO X3 Pro How to change the NAT type from Strict to Moderate