In order to let customers, know that more than 70 of its laptops are vulnerable to a UEFI/BIOS flaw that could result in arbitrary code execution, Lenovo has prepared a security alert.
Three buffer overflow flaws were found by researchers at the cybersecurity company ESET, and if an attacker has local access to a Lenovo device that is vulnerable, they might be used to execute arbitrary code. Lenovo claims that just one of the vulnerabilities, CVE-2022-1892, affects all devices, and that the other two only affect a small number of laptops.
Retbleed is a new speculative execution exploit affecting devices with Intel and AMD CPUs, and Lenovo has also warned users about it. A couple of vulnerabilities affecting numerous products that use the XClarity Controller server management engine have also been addressed in an advisory from the firm.