| Thread Tools |
15th July 2022, 07:38 | #1 |
[M] Reviewer Join Date: May 2010 Location: Romania
Posts: 149,058
| Lenovo warns of UEFI/BIOS vulnerability On 70 of its laptops Lenovo has released a security advisory to inform customers that more than 70 of its laptops are affected by a UEFI/BIOS vulnerability that can lead to arbitrary code execution. Cybersecurity outfit ESET discovered a total of three buffer overflow vulnerabilities that can allow an attacker with local privileges to affected Lenovo devices to execute arbitrary code. Lenovo says only one of the vulnerabilities (CVE-2022-1892) impacts every device, while the other two impact only a handful of laptops. "The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features," ESET explained. "These vulnerabilities were caused by insufficient validation of DataSize parameter passed to the UEFI Runtime Services function GetVariable. An attacker could create a specially crafted NVRAM variable, causing buffer overflow of the Data buffer in the second GetVariable call," it said. https://fudzilla.com/news/55150-leno...-vulnerability |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
AMD Releases BIOS for Radeon VII with UEFI GOP | Stefan Mileschin | WebNews | 0 | 12th February 2019 08:30 |
How to Enable Intel VT-x in Your Computer’s BIOS or UEFI Firmware | Stefan Mileschin | WebNews | 0 | 10th April 2015 10:25 |
How to Secure Your Computer With a BIOS or UEFI Password | Stefan Mileschin | WebNews | 0 | 4th April 2014 06:34 |
What You Need to Know About Using UEFI Instead of the BIOS | Stefan Mileschin | WebNews | 0 | 18th November 2013 12:43 |
Phoenix Technologies Launches EDK II Compatible UEFI BIOS | Stefan Mileschin | WebNews | 0 | 29th November 2012 09:29 |
American Megatrends Introduces New Aptio V UEFI BIOS Firmware | Stefan Mileschin | WebNews | 0 | 8th October 2012 07:49 |
ASRock UEFI BIOS Gets Web-Update Feature | Stefan Mileschin | WebNews | 0 | 19th July 2012 07:43 |
GIGABYTE 3D BIOS With Dual UEFI BIOS | Stefan Mileschin | WebNews | 0 | 9th November 2011 11:33 |
Know-How: UEFI - Only graphical BIOS or more? @ ocaholic | Stefan Mileschin | WebNews | 0 | 20th October 2011 06:46 |
MSI's Click BIOS - Evaluating UEFI | jmke | WebNews | 0 | 19th January 2009 15:57 |
Thread Tools | |
| |