Lenovo Fixes Widespread UEFI Code Execution Vulnerability


Lenovo has prepared a security alert to let customers know that more than 70 of its laptops are vulnerable to a UEFI/BIOS flaw that could result in arbitrary code execution.

Researchers at the cybersecurity company ESET found three buffer overflow flaws that an attacker with local access to a vulnerable Lenovo device could use to execute arbitrary code. Lenovo says that just one of the vulnerabilities, CVE-2022-1892, affects all devices, and that the other two affect only a small number of laptops.

Lenovo has also warned users about Retbleed, a new speculative execution attack affecting devices with Intel and AMD CPUs. In a separate advisory, the firm has addressed a couple of vulnerabilities affecting numerous products that use the XClarity Controller server management engine.

Read More: https://www.securityweek.com/lenovo-patches-uefi-code-execution-vulnerability-affecting-many-laptops