Cyber Security Application Security CVE-2021-3452 - Lenovo patches a vulnerability affecting dozens of...

CVE-2021-3452 – Lenovo patches a vulnerability affecting dozens of ThinkPad models

-

Lenovo has released information on three BIOS vulnerabilities in two desktop models and approximately 60 different notebook computers.

The first issue, identified as CVE-2021-3452, threatens dozens of ThinkPad models. It is associated with the SMI callback function at system shutdown and can be used by a local attacker who already has elevated privileges on the device to execute arbitrary code. BIOS updates for more than 30 ThinkPad models are already in the pipeline, and the company plans to begin rolling out patches on July 28.

Five more ThinkPad models are not affected by the first vulnerability, but they may suffer from the CVE-2021-3453 problem, which occurs due to the fact that BIOS modules are not protected by Intel Boot Guard, that is, an attacker with physical access to vulnerable devices can write data to SPI flash memory.

Lenovo says it has already released BIOS updates for vulnerable ThinkPads, but is still working on patches for 13 other laptop models. This bug also affects two IdeaCentre desktop models, which should be patched on September 30th.

The third vulnerability, CVE-2021-3614, only affects Lenovo laptops and allows an attacker who has physical access to the device to elevate their privileges. This can only be done under certain conditions during a BIOS update performed through Lenovo Vantage.

This vulnerability is dangerous for 21 laptop models, but fixes have been released for only two of them so far. A BIOS update for another model is due this week, but Lenovo has not disclosed an estimated patch date for other devices.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you