Blog

September 22, 2022

Lenovo Issues Important Update

Written By Securafy Team

Lenovo issued a security notice informing customers of multiple serious BIOS vulnerabilities affecting hundreds of Lenovo devices across various models (Desktop, All in One, IdeaCentre, Legion, ThinkCentre, ThinkPad, ThinkAgile, ThinkStation, ThinkSystem).

Exploiting the vulnerabilities might result in the disclosure of sensitive information, an increase in privileges, a denial of service, and possibly even the execution of arbitrary code in some situations.

The following are the six flaws detailed in Lenovo's security advisory:

  • CVE-2021-28216: Fixed pointer flaw in TianoCore EDK II BIOS (reference implementation of UEFI), allowing an attacker to elevate privileges and execute arbitrary code.
  • CVE-2022-40134: Information leak flaw in the SMI Set Bios Password SMI Handler, allowing an attacker to read SMM memory.
  • CVE-2022-40135: Information leak vulnerability in the Smart USB Protection SMI Handler, allowing an attacker to read SMM memory.
  • CVE-2022-40136: Information leak flaw in SMI Handler used for configuring platform settings over WMI, enabling an attacker to read SMM memory.
  • CVE-2022-40137: Buffer overflow in the WMI SMI Handler, enabling an attacker to execute arbitrary code.
  • American Megatrends security enhancements (no CVEs).

The problems have been resolved in the most recent BIOS upgrades that Lenovo has released for the affected models.

The majority of patches have been accessible since July and August of 2022.

Additional patches are anticipated to be released by the end of September and October. In addition, a limited number of models will receive updates in the following year.

The security alert contains a comprehensive list of the affected computer models, the BIOS firmware version that mitigates each vulnerability, and download links for each model.

Lenovo device owners can also go to the "Drivers & Software" website, search for their device by name, select the "Manual Update" option and then download the most recent version of the BIOS firmware.

Picture of Securafy Team
About The Author
Our team at Securafy brings you the best tech tips, from how-to guides and troubleshooting advice to software reviews and productivity hacks. We're all about empowering businesses with the tools and knowledge they need to thrive in the digital world. Follow our posts to stay equipped with practical insights that make tech work for you.

Join the Conversation

Subscribe to our newsletter

Sign up for our FREE "Cyber Security Tip of the Week!" and always stay one step ahead of hackers and cyber-attacks.