[Infosec] Lenovo UEFI vulnerabilities found
[Infosec] Lenovo UEFI vulnerabilities found #1
Quote: ESET researchers have discovered and analyzed three vulnerabilities affecting various Lenovo consumer laptop models. The first two of these vulnerabilities – CVE-2021-3971, CVE-2021-3972 – affect UEFI firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks. Unfortunately, they were mistakenly included also in the production BIOS images without being properly deactivated. These affected firmware drivers can be activated by an attacker to directly disable SPI flash protections (BIOS Control Register bits and Protected Range registers) or the UEFI Secure Boot feature from a privileged user-mode process during OS runtime. It means that exploitation of these vulnerabilities would allow attackers to deploy and successfully execute SPI flash or ESP implants, like LoJax or our latest UEFI malware discovery ESPecter, on the affected devices.

...

In addition, while investigating the above-mentioned vulnerable drivers, we discovered the third vulnerability: SMM memory corruption inside the SW SMI handler function (CVE-2021-3970). This vulnerability allows arbitrary read/write from/into SMRAM, which can lead to the execution of malicious code with SMM privileges and potentially lead to the deployment of an SPI flash implant.

...

We reported all discovered vulnerabilities to Lenovo on October 11th, 2021. Altogether, the list of affected devices contains more than one hundred different consumer laptop models with millions of users worldwide, from affordable models like Ideapad-3 to more advanced ones like Legion 5 Pro-16ACH6 H or Yoga Slim 9-14ITL05. The full list of affected models with active development support is published in the Lenovo Advisory.
https://www.welivesecurity.com/2022/04/1...r-laptops/
(This post was last modified: 04-24-2022, 10:40 PM by ConcernedCitizen.)
ed25519/0x21AB6B6A6CB2C337
C87D87466FD205945CF10A3821AB6B6A6CB2C337


RE: [Infosec] Lenovo UEFI vulnerabilities found #2
The vulnerabilities are critical.

Hopefully each one will be attended to in a very timely manner.


RE: [Infosec] Lenovo UEFI vulnerabilities found #3
They are executed early in the boot process, before transferring control to the operating system, which means that they can bypass almost all security measures and mitigations higher in the stack that could prevent their operating system payloads from being executed.

Updates will be pushed, according to Lenovo, in around May at the earliest.
https://support.lenovo.com/gb/en/product.../len-73440
(This post was last modified: 04-25-2022, 03:16 AM by ConcernedCitizen.)
ed25519/0x21AB6B6A6CB2C337
C87D87466FD205945CF10A3821AB6B6A6CB2C337
