Madshrimps Forum Madness


Stefan Mileschin 15th July 2022 07:38

Lenovo warns of UEFI/BIOS vulnerability
 
On 70 of its laptops

Lenovo has released a security advisory to inform customers that more than 70 of its laptops are affected by a UEFI/BIOS vulnerability that can lead to arbitrary code execution.

Cybersecurity outfit ESET discovered a total of three buffer overflow vulnerabilities that can allow an attacker with local privileges to affected Lenovo devices to execute arbitrary code.

Lenovo says only one of the vulnerabilities (CVE-2022-1892) impacts every device, while the other two impact only a handful of laptops.

"The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features," ESET explained.

"These vulnerabilities were caused by insufficient validation of DataSize parameter passed to the UEFI Runtime Services function GetVariable. An attacker could create a specially crafted NVRAM variable, causing buffer overflow of the Data buffer in the second GetVariable call," it said.

https://fudzilla.com/news/55150-leno...-vulnerability
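The DataSize problem ESET describes in the quote above, as an added example that is not part of the original post and is not Lenovo's firmware code. It assumes the flaw takes the form of a caller reusing DataSize after a first GetVariable call has overwritten it with the required size; `mock_get_variable`, the variable names and the sizes are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN   8     /* logical size of the caller's Data buffer */
#define ARENA_LEN 64    /* backing storage, so the demo itself stays memory-safe */
#define GUARD     0xAA  /* fill pattern used to detect writes past BUF_LEN */
enum { OK = 0, TOO_SMALL = 1, NOT_FOUND = 2 };  /* stand-ins for EFI_STATUS codes */

/* Constructed NVRAM contents; both variables are longer than BUF_LEN. */
static const struct { const char *name; size_t len; unsigned char fill; } nvram[] = {
    { "First", 24, 0x11 }, { "Second", 20, 0x22 },
};

/* Mock with GetVariable's size contract: *size is the buffer capacity on input,
   and on TOO_SMALL it is overwritten with the size the variable needs. */
static int mock_get_variable(const char *name, size_t *size, unsigned char *data) {
    for (size_t i = 0; i < sizeof nvram / sizeof nvram[0]; i++) {
        if (strcmp(nvram[i].name, name) != 0) continue;
        if (*size < nvram[i].len) { *size = nvram[i].len; return TOO_SMALL; }
        memset(data, nvram[i].fill, nvram[i].len);  /* stands in for the copy */
        *size = nvram[i].len;
        return OK;
    }
    return NOT_FOUND;
}

/* Counts bytes written beyond the logical BUF_LEN-byte buffer. */
static size_t bytes_past_buffer(const unsigned char *arena) {
    size_t n = 0;
    for (size_t i = BUF_LEN; i < ARENA_LEN; i++) n += (arena[i] != GUARD);
    return n;
}

/* Reads two variables into the same BUF_LEN buffer. reset_size=0 is the flawed
   pattern (size reused after the first call); reset_size=1 is the corrected one. */
size_t read_two(int reset_size, int *second_status) {
    unsigned char arena[ARENA_LEN];
    memset(arena, GUARD, sizeof arena);
    size_t size = BUF_LEN;
    (void)mock_get_variable("First", &size, arena);  /* TOO_SMALL, size becomes 24 */
    if (reset_size) size = BUF_LEN;                  /* the fix: restore the capacity */
    *second_status = mock_get_variable("Second", &size, arena);
    return bytes_past_buffer(arena);
}

int main(void) {
    int st;
    printf("stale size: %zu bytes past buffer\n", read_two(0, &st));
    printf("reset size: %zu bytes past buffer\n", read_two(1, &st));
    return 0;
}
```

With the size reset, the second call fails with the too-small status instead of copying; real firmware code should also check that status before using the buffer.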

