If you use a Lenovo laptop, this news may concern you. Lenovo itself has revealed in a security alert that over 70 of its laptop models are vulnerable to UEFI/BIOS bugs that can lead to arbitrary code execution. Researchers from cybersecurity company ESET found three buffer overflow flaws. According to ESET's tweet, these flaws can be used to execute arbitrary code during the platform boot process, giving attackers the ability to control the flow of OS execution and disable critical security mechanisms. See the list of 70 affected models below…
They stated: “Improper validation of the dataSize parameter passed to the UEFI Runtime Services GetVariable method was the root cause of these failures. An attacker could have created a specially constructed NVRAM variable, causing a data buffer overflow in the second GetVariable call.” Retbleed is a new speculative execution attack that affects devices with Intel and AMD CPUs, and Lenovo has warned users about it.
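The size-handling flaw in the quoted statement, shown as an added example that is not Lenovo's or ESET's code: a flawed double read next to a hardened one. The mock `get_variable`, the 16-byte buffer, the 48-byte variable and the simplified status values are assumptions made for illustration; the `frame` struct stands in for a stack frame so the overwrite can be measured safely.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EFI_SUCCESS          0
#define EFI_BUFFER_TOO_SMALL 5  /* simplified status values for this model */

static size_t nvram_len = 48;   /* constructed: size of the stored variable */

/* Mock following GetVariable's size contract: if the caller's size is too
 * small, report the required size in *size and copy nothing. */
static int get_variable(size_t *size, void *data) {
    if (*size < nvram_len) { *size = nvram_len; return EFI_BUFFER_TOO_SMALL; }
    memset(data, 0xAA, nvram_len);  /* stands in for the variable's bytes */
    *size = nvram_len;
    return EFI_SUCCESS;
}

/* Models a stack frame: a 16-byte buffer followed by adjacent memory. */
struct frame { uint8_t buf[16]; uint8_t adjacent[64]; };

/* Number of bytes written beyond buf. */
static size_t clobbered(const struct frame *f) {
    size_t n = 0;
    for (size_t i = 0; i < sizeof f->adjacent; i++) n += (f->adjacent[i] != 0);
    return n;
}

/* Flawed pattern: size is neither checked nor reset between the two calls. */
size_t read_twice_unchecked(void) {
    struct frame f = {0};
    size_t size = sizeof f.buf;
    get_variable(&size, &f);  /* call 1 fails, but size is now 48 */
    get_variable(&size, &f);  /* call 2 trusts size and writes 48 bytes */
    return clobbered(&f);
}

/* Hardened: check the status and restore the real capacity before reuse. */
size_t read_twice_checked(void) {
    struct frame f = {0};
    size_t size = sizeof f.buf;
    int status = get_variable(&size, &f);
    size = sizeof f.buf;      /* re-initialise before the second call */
    if (status == EFI_SUCCESS) status = get_variable(&size, &f);
    return clobbered(&f);     /* an oversized variable is never copied */
}
```

With the constructed 48-byte variable, the unchecked reader writes 32 bytes past its buffer, while the checked reader writes none.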
These defects can affect
The company also failed to report some flaws affecting many products that use the XClarity Controller server management engine. These bugs can give authorized users the ability to disrupt services or make unauthorized connections to insiders.
Faults found in third-party components
Firmware crashes are a common occurrence. Researchers have found flaws in third-party components used by many manufacturers, even though some of them affect only a single vendor's products. For example, the InsydeH2O UEFI firmware code is used by more than 25 vendors such as HP, Lenovo, Fujitsu, Microsoft, Intel, Dell, Bull, and Siemens, and was recently shown to contain more than two dozen flaws.
It may take a while for manufacturers to take action and reach millions of end users, although Insyde Software, the company that makes InsydeH2O, fixed the flaws as soon as Binarly contacted them. Customers have recently been informed of the existence of remedies for these problems by the manufacturer of modular and upgradeable laptops.
See the list of 70 affected models here
If you are a Lenovo laptop user, follow this link immediately to check whether your device model is among the 70 affected models.