More than two dozen Lenovo laptop models are vulnerable to a hack that disables UEFI Secure Boot and then runs unsigned code or blocks the device from booting.
Researchers at ESET uncovered the vulnerability and announced it on November 9, one day after the laptop manufacturer released security updates for the 25 device models listed here . Owners of laptops from the list are strongly advised to update the UEFI of their devices. At the same time, Lenovo fixed only two of the three vulnerabilities.
ESET stated that the vulnerabilities designated as CVE-2022-3430, CVE-2022-3431 and CVE-2022-3432 allow you to disable UEFI Secure Boot or rollback Secure Boot databases to factory state directly from the operating system. Disabling or restoring databases to their defaults allows an attacker to remove restrictions that are normally in place.
The discovered vulnerabilities can be exploited by modifying variables in NVRAM, which stores various boot parameters. The vulnerabilities are the result of Lenovo erroneously shipping laptops with drivers intended for production use only. A more detailed description of each of the vulnerabilities:
- CVE-2022-3430: A potential vulnerability in the WMI configuration driver on some Lenovo consumer laptops could allow an elevated attacker to change Secure Boot settings by modifying the NVRAM variable.
- CVE-2022-3431: A potential vulnerability in a driver used during manufacturing on some Lenovo consumer laptops that was mistakenly not deactivated could allow an elevated attacker to change the Secure Boot setting by modifying the NVRAM variable.
- CVE-2022-3432: A potential vulnerability in a driver used in the manufacturing process of the Ideapad Y700-14ISK laptop that was mistakenly not deactivated could allow an elevated attacker to change the Secure Boot setting by modifying the NVRAM variable.
Lenovo fixed only the first two vulnerabilities. CVE-2022-3432 will not be fixed as the company has not supported the Ideapad Y700-14ISK laptop model for several years.
Source: Ars Technica