New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models


The Unified Extensible Firmware Interface (UEFI) firmware flaws affecting a number of Lenovo’s Yoga, IdeaPad, and ThinkBook devices have once again been fixed. Slovak cybersecurity company ESET stated through a series of tweets that “the vulnerabilities allow deactivating UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx): everything simply from an OS.”

In light of this, the vulnerabilities, identified as CVE-2022-3430, CVE-2022-3431, and CVE-2022-3432, may be exploited by an attacker to disable Secure Boot, a security feature intended to stop malicious programmes from loading during the boot process.

Read More…