Lenovo has issued a security advisory warning users about a vulnerability in the UEFI firmware used in several of its laptops that could allow an attacker to take control of the startup routine during Windows installation. The company reports that three buffer overflow vulnerabilities were discovered, tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892, and it has provided updated software to address the flaws.
Intel reported that on some Lenovo computers, Windows boots using an untrusted key. As a result, the user is prompted to enter a BIOS password. An attacker with physical access to a locked computer could boot it in UEFI mode and install their own key. This would make the machine easier to attack, because the attacker could disable security features and modify the system more easily. ESET discovered three bugs, which were reported to Lenovo by Intel and have since been fixed. Critical Lenovo computers are vulnerable, including all machines that have shipped since June 2015 or 2014 (in the case of specific Yoga or IdeaPad lines).
ESET identified three critical vulnerabilities and claims to have determined that 70 different Lenovo laptops are directly affected. It was also reported that these bugs could allow attackers to steal data from the computer and take control of the memory system.
LinuxBadge has discovered an issue in Amigo’s En-Powered operating system that might allow a hacker to execute untrusted code, which may then read or write any area of memory. They found that the vulnerability occurs through a specially crafted NVRAM variable (a variable stored in non-volatile RAM), which is passed within the DataSize parameter to one instance of the UEFI Runtime Services (RSS) function GetVariable.
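The size contract of GetVariable that the paragraph above refers to, shown as an added example that is not code from Lenovo, ESET, or any firmware: a user-space model in which DataSize is both the caller's claimed buffer size on input and the variable's size on output. It assumes the common mistake of reusing the written-back size for a second call (the page does not say which mistake was made), and every name in it is hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* User-space model of the GetVariable size contract (constructed for
 * illustration; all names here are hypothetical, not firmware code). */
typedef enum { ST_SUCCESS, ST_BUFFER_TOO_SMALL } status_t;

static unsigned char nvram[64];   /* constructed variable store */
static size_t nvram_len;          /* length of the stored variable (<= 64) */
static int oob_write;             /* set when a copy would exceed the real buffer */

/* *size is IN: the size the caller claims for data; OUT: the variable's size.
 * cap is the buffer's true capacity, known only to this model so that it can
 * flag an out-of-bounds write instead of performing one. */
static status_t mock_get_variable(size_t *size, void *data, size_t cap)
{
    size_t claimed = *size;
    *size = nvram_len;
    if (claimed < nvram_len) return ST_BUFFER_TOO_SMALL;
    if (nvram_len > cap) { oob_write = 1; return ST_SUCCESS; }
    memcpy(data, nvram, nvram_len);
    return ST_SUCCESS;
}

/* Weak caller: retries with the size the failed call wrote back, so the
 * second call claims more room than buf has. Returns 1 if that would overflow. */
int read_unchecked(size_t var_len)
{
    unsigned char buf[16];
    size_t size = sizeof buf;
    nvram_len = var_len; oob_write = 0;
    if (mock_get_variable(&size, buf, sizeof buf) == ST_BUFFER_TOO_SMALL)
        mock_get_variable(&size, buf, sizeof buf);   /* size == var_len here */
    return oob_write;
}

/* Hardened caller: size always equals the real buffer size, and any status
 * other than success rejects the variable. Returns bytes read, or -1. */
int read_checked(size_t var_len)
{
    unsigned char buf[16];
    size_t size = sizeof buf;
    nvram_len = var_len; oob_write = 0;
    if (mock_get_variable(&size, buf, sizeof buf) != ST_SUCCESS) return -1;
    return oob_write ? -1 : (int)size;
}
```

The hardened caller never lets a value read from NVRAM decide how much is copied into a fixed-size buffer, which is the property to look for when reviewing firmware code that calls GetVariable.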
An attacker may be able to install malware on a computer’s firmware, which is the program that allows the hardware of a computer to communicate with its operating system. This attack results in permanent, undetectable installation of malware on a computer’s hard drive, even if the hard drive is wiped and re-formatted. An immunity patch can mitigate this threat until Microsoft issues fixes.
To prevent security risks, users of older Lenovo devices (still using BOOT_STUB or initrd) are advised to update their systems. Updating protects them against recent high-risk vulnerabilities in third-party packages that could allow attackers to remotely execute malicious code with high privileges by exploiting LenovoService.exe vulnerabilities under certain conditions. The latest version available for download on Lenovo’s official software download portal resolves this problem.