Lenovo patches UEFI firmware vulnerabilities impacting millions of users


Lenovo has patched a trio of bugs that could be abused to perform UEFI attacks.

Discovered by ESET researcher Martin Smolár, the vulnerabilities, tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, could be exploited to “deploy and successfully execute UEFI malware either in the form of SPI flash implants like LoJax or ESP implants like ESPecter” in the Lenovo Notebook BIOS.

Source: ZDNet