Over 70 Lenovo laptops models impacted by the new UEFI firmware flaws

The Unified Extensible Firmware Interface (UEFI) used in several Lenovo laptops is vulnerable to three buffer overflow vulnerabilities that can enable attackers to hijack the startup routine of Windows installations.

Lenovo has issued a security advisory uncovering three medium severity vulnerabilities tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892.

The first issue is in the ReadyBootDxe driver used in some Lenovo notebook products, whereas as the last two are buffer overflow bugs in the SystemLoadDefaultDxe driver.

This second driver is used in the Yoga, IdeaPad, Flex, ThinkBook, V14, V15, V130, Slim, S145, S540, and S940 Lenovo lines, impacting over 70 individual models.

According to ESET, whose analysts found the three bugs and reported them to Lenovo, an attacker could leverage them to hijack the OS execution flow and disable security features.

“These vulnerabilities were caused by insufficient validation of DataSize parameter passed to the UEFI Runtime Services function GetVariable,” explains ESET Research in a tweet.

“An attacker could create a specially crafted NVRAM variable, causing buffer overflow of the Data buffer in the second GetVariable call.”

“UEFI firmware attacks are extremely dangerous because they enable threat actors to run malware early in an operating system’s boot process, even before Windows built-in security protections are activated,” a source as per Bleeping Computer.