The tagline of Lenovo PCs and tablets reads – Thin, Light, and Reliable – but the recent incident has somewhat impacted its reputation. A recent vulnerability discovered in the Notebook BIOS of Lenovo laptop models has the potential to escalate privileges. The scope of impact is Lenovo specific and the severity is medium.
Firmware vulnerability detected in Lenovo laptop models
The support team at Lenovo was quick to respond and published an advisory that underlines 3 major vulnerabilities affecting its laptop computers. All of them have the potential to enable threat actors to gain elevated privileges by one means or another. If accessed, attackers will have the direct power to disable the UEFI Secure Boot feature or install malware
The summary description on the Lenovo support pages reads –
The following vulnerabilities were reported in Lenovo Notebook BIOS.
CVE-2021-3970: A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2021-3971: A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify the firmware protection region by modifying an NVRAM variable.
CVE-2021-3972: A potential vulnerability by a driver used during the manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify the secure boot setting by modifying an NVRAM variable.
Thankfully, Lenovo has patches ready and advises the owners to update system firmware to the version (or newer) indicated for your model in the Product Impact section. It also has detailed instructions listed on this page. The manufacturer warns, if left unpatched, malware could exploit critical UEFI vulnerabilities and hide in firmware. And since the UEFI resides in a flash chip on the motherboard, infections will be more difficult to detect and even tougher to wipe clean.