Lenovo UEFI firmware driver bugs affect over 100 notebook models

Lenovo has published a security advisory on vulnerabilities that impact its Unified Extensible Firmware Interface (UEFI) loaded on at least 100 of its laptop models.

A total of three security issues were discovered, two of them allowing an attacker to disable the protection for the SPI flash memory chip where the UEFI firmware is stored and to turn off the UEFI Secure Boot feature.

Successful exploitation of a third one, could allow a local attacker to execute arbitrary code with elevated privileges.

All three vulnerabilities were discovered by ESET researchers and reported responsibly to Lenovo in October last year. They affect more than 100 consumer laptop models, including IdeaPad 3, Legion 5 Pro-16ACH6 H, and Yoga Slim 9-14ITL05, which likely translates to millions of users with vulnerable devices.

UEFI implants are hard to detect

ESET has provided a detailed technical analysis of the three vulnerabilities uncovered noting that “UEFI threats can be extremely stealthy and dangerous” because they execute “early in the boot process, before transferring control to the operating system.”

This means that most mitigations and security solutions active at the OS level are useless and payload execution is almost unavoidable and undetectable.

Detecting them is possible, although the process requires more advanced techniques like UEFI integrity checks, analyzing the firmware in real time, or monitoring the firmware behavior and the device for suspicious activity.

To protect against attacks stemming from the above vulnerabilities, Lenovo recommends users of affected devices update the system firmware version to the latest available.

Original Post: Lenovo UEFI firmware driver bugs affect over 100 notebook models