A security researcher at ESET, Martin Smolár, discovered three new security vulnerabilities in Lenovo laptops that can lead to local privilege escalation (LPE). The flaws affect several popular consumer Lenovo notebook models from the IdeaPad lineup as well as the Lenovo Legion gaming lineup, and other models are affected as well.
One of the vulnerabilities is in the System Management Interrupt (SMI) handler responsible for creating system error logs. The other two issues stem from an insecure non-volatile RAM (NVRAM) setup. Here is how Lenovo describes the vulnerabilities under their assigned CVE IDs:
The following vulnerabilities were reported in Lenovo Notebook BIOS.
- CVE-2021-3970: A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
- CVE-2021-3971: A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify the firmware protection region by modifying an NVRAM variable.
- CVE-2021-3972: A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify the secure boot setting by modifying an NVRAM variable.
Lenovo's advisory lists the affected device models along with the corresponding UEFI firmware updates that mitigate the three vulnerabilities.
Please note that some of the firmware patches are scheduled for release on the 10th of next month, so keep an eye on your laptop model's support page around that time.
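Because two of the flaws let a privileged attacker change the firmware protection region and the Secure Boot setting through NVRAM variables, a defender's first check after applying the update is that Secure Boot is actually enforced and that the reported BIOS version matches the fixed release on Lenovo's support page. The script below is an added example written for this article; it is not code from the article, ESET or Lenovo. It parses UEFI variables in the layout that Linux efivarfs exposes (a 4-byte little-endian attribute word followed by the raw variable data), classifies the Secure Boot posture from the SecureBoot and SetupMode variables, and reads the DMI BIOS version. The sysfs paths are the standard Linux ones; the sample byte strings are constructed for the example so the logic can be exercised on a machine without UEFI.

```python
"""Added example (not from the article, ESET or Lenovo): verify Secure Boot
posture and report the firmware version on a Linux host.

efivarfs exposes each UEFI variable as a file named <Name>-<GUID> whose
content is a 4-byte little-endian attribute word followed by the variable
data. SecureBoot and SetupMode each carry one data byte (1 = on).
"""
import os
import struct
from typing import Optional, Tuple

# GUID of EFI_GLOBAL_VARIABLE, the vendor namespace of SecureBoot/SetupMode.
EFI_GLOBAL_VARIABLE = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS_DIR = "/sys/firmware/efi/efivars"
DMI_BIOS_VERSION = "/sys/class/dmi/id/bios_version"

# UEFI variable attribute bits (from the UEFI specification).
EFI_VARIABLE_BOOTSERVICE_ACCESS = 0x02
EFI_VARIABLE_RUNTIME_ACCESS = 0x04


def parse_efivar(raw: bytes) -> Tuple[int, bytes]:
    """Split an efivarfs file image into (attributes, data)."""
    if len(raw) < 4:
        raise ValueError("efivar image shorter than the 4-byte attribute header")
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]


def boolean_var(raw: bytes) -> bool:
    """Interpret a one-byte UEFI variable such as SecureBoot or SetupMode."""
    _, data = parse_efivar(raw)
    if len(data) != 1:
        raise ValueError(f"expected 1 data byte, got {len(data)}")
    return data[0] == 1


def secure_boot_state(secure_boot_raw: bytes, setup_mode_raw: bytes) -> str:
    """Classify Secure Boot posture from the two raw variable images.

    'enforcing' means SecureBoot=1 and SetupMode=0. 'setup-mode' means the
    platform key is absent, so keys can be changed without a signature.
    Anything other than 'enforcing' deserves investigation on a fleet laptop.
    """
    sb = boolean_var(secure_boot_raw)
    setup = boolean_var(setup_mode_raw)
    if sb and not setup:
        return "enforcing"
    if setup:
        return "setup-mode"
    return "disabled"


def read_efivar(name: str, guid: str = EFI_GLOBAL_VARIABLE) -> Optional[bytes]:
    """Read a UEFI variable via efivarfs; None if unavailable."""
    path = os.path.join(EFIVARS_DIR, f"{name}-{guid}")
    try:
        with open(path, "rb") as fh:
            return fh.read()
    except OSError:
        return None  # legacy BIOS boot, efivarfs not mounted, or no permission


def read_bios_version() -> Optional[str]:
    """Return the DMI BIOS version string, or None when not exposed."""
    try:
        with open(DMI_BIOS_VERSION) as fh:
            return fh.read().strip()
    except OSError:
        return None


# Constructed sample images: attributes = BS|RT (0x06), one data byte.
_ATTRS = struct.pack("<I", EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS)
SAMPLE_SECUREBOOT_ON = _ATTRS + b"\x01"
SAMPLE_SECUREBOOT_OFF = _ATTRS + b"\x00"
SAMPLE_SETUPMODE_ON = _ATTRS + b"\x01"
SAMPLE_SETUPMODE_OFF = _ATTRS + b"\x00"

if __name__ == "__main__":
    sb_raw = read_efivar("SecureBoot")
    sm_raw = read_efivar("SetupMode")
    if sb_raw is None or sm_raw is None:
        print("UEFI variables not readable; cannot verify Secure Boot from here")
    else:
        print("Secure Boot:", secure_boot_state(sb_raw, sm_raw))
    print("BIOS version:", read_bios_version() or "unknown")
```

Run it as root (efivarfs is only readable by root on most distributions) before and after flashing the update; the BIOS version string is what you compare against the fixed firmware version Lenovo publishes for your model, and anything other than "enforcing" for Secure Boot is worth a closer look.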