Table of Contents
  • Home
  • /
  • Blog
  • /
  • How To Fix The Three Buffer Overflow Vulnerabilities In Lenovo BIOS
July 14, 2022
|
14m

How To Fix The Three Buffer Overflow Vulnerabilities In Lenovo BIOS


How To Fix The 3 Buffer Overflow Vulnerabilities In Lenovo Bios

Martin Smolár, a security researcher from ESET, has disclosed 3 buffer overflow vulnerabilities in Lenovo BIOS. The vulnerability is impacting multiple Lenovo Notebook devices including several ThinkBook models leaving millions of laptops vulnerable. These vulnerabilities enable advisories to hijack the OS execution flow and disable some important security features on the affected devices. This helps threat actors to achieve arbitrary code execution in the early phases of the platform boot. It is highly important for all the Lenovo Laptop holders to be aware of these three buffer overflow vulnerabilities. We created this post that tells how to fix these three buffer overflow vulnerabilities in Lenovo BIOS.

The vendor has published advisory for the second time since the beginning of the year. The first set of three vulnerabilities Lenovo fixed are CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, vulnerabilities enable advisories to deploy and execute malicious firmware on the affected devices.

A Small Note On UEFI vs BIOS:

Sometimes, you may get confused between UEFI and BIOS. Here is a small note that lets you know the difference between UEFI and BIOS in simple words.

UEFI stands for Unified Extensible Firmware Interface and is essentially a software program that sits on top of your computer’s hardware and provides an interface between the operating system and the hardware. UEFI is the successor to BIOS, offering a more modern interface as well as additional features and capabilities.

BIOS, on the other hand, stands for Basic Input/Output System. It is a ROM chip that stores information about your computer’s hardware and how it should be configured. The BIOS is responsible for booting up your computer, and it generally does not offer as many features or capabilities as UEFI.

So, UEFI is a more modern version of BIOS that offers additional features and capabilities. It is not required on all computers, but it is becoming more common. If your computer has UEFI, you will likely see a UEFI options menu when you boot up the computer that will allow you to change UEFI settings.

The Three Buffer Overflow Vulnerabilities In Lenovo BIOS:

On July 13, 2022, Martin Smolár, a security researcher from ESET tweeted about the three flaws to the PC manufacturer. The following is a summary of the three buffer overflow vulnerabilities as outlined by Lenovo.

CVE-2022-1890: This is a buffer overflow vulnerability in the ReadyBootDxe driver in some Lenovo notebook models which would allow an attacker with local privileges to execute arbitrary code on the affected devices. The flaw is due to an insufficient validation of an NVRAM variable called “DataSize” in the ReadyBootDxe driver resulting in a buffer overflow.

CVE-2022-1891: This is a buffer overflow vulnerability in the SystemLoadDefaultDxe driver in some Lenovo notebook models which would allow an attacker with local privileges to execute arbitrary code on the affected devices. The flaw is due to an insufficient validation of an NVRAM variable called “DataSize” in the SystemLoadDefaultDxe driver resulting in a buffer overflow.

CVE-2022-1892: This is a buffer overflow vulnerability in the SystemBootManagerDxe driver in some Lenovo notebook models which would allow an attacker with local privileges to execute arbitrary code on the affected devices. The flaw is due to an insufficient validation of an NVRAM variable called “DataSize” in the SystemBootManagerDxe driver resulting in a buffer overflow.

How To Fix The Three Buffer Overflow Vulnerabilities In Lenovo BIOS?

Upgrading the BIOS firmware is the best way to fix these new vulnerabilities in Lenovo Laptops.BIOS can be updated in three different ways in Lenovo Laptops.

Automatic Updates

WinFlash

Update BIOS from Windows

Method 1: Automatic Update

Update Lenovo drivers, BIOS, and applications using Lenovo System Update. Lenovo System Update is the latest program that can be used to update your Lenovo laptop drivers and other software. It can also detect when there are new versions of the BIOS and automatically install them.

To check if your Lenovo laptop has this feature, go to Start Menu > Control Panel > System and Security. Click on “System” and then click on “Advanced system settings.” On the left panel, click on “Advanced” and then click on “Update BIOS.”

If you see the “Update BIOS” option, your Lenovo laptop has the Lenovo System Update feature. If you don’t see this option, your Laptop doesn’t have this feature, and you’ll need to install the BIOS updates manually.

Method 2: WinFlash

  1. Download the most recent BIOS to your Windows desktop for easier usage. To locate and download the BIOS, follow these steps: Open the Lenovo support website (support.lenovo.com).

  2. Enter the system machine type or product name. On the product page, click Drivers & Software. Filter by BIOS/UEFI, and choose the corresponding OS information.

  3. Follow the instructions in the readme file to download and install the BIOS. Right-click on the BIOS flash package and select Run as administrator.

  4. A self-extracting window will appear on Windows, and you should click the Install button. Then click on the Flash BIOS button. A caution screen will appear to notify users to connect the system’s power outlet and supply additional flash information.

  5. Select the OK button. The BIOS update flashing program will automatically run. Please wait until the BIOS update flashing program has finished installation. When the BIOS update is completed, your computer reboots automatically.

Method 3: Update BIOS From Windows

Updating BIOS from Windows is simple and straight. Steps to update system BIOS in Lenovo Laptops:

  1. Visit the official Lenovo website and download the BIOS update file.

  2. Extract the downloaded file to a folder on your computer.

  3. Double-click on the extracted BIOS file to launch the update process.

  4. Follow the on-screen instructions to complete the BIOS update process.

  5. Restart your computer and check if the BIOS update is successful.

These are the steps to update the system BIOS in Lenovo Laptops. Following these steps should help you update your BIOS successfully. In case you face any issues, please reach out to the Lenovo support team for assistance.

List Of Lenovo Laptops Vulnerable To CVE-2022-1890, CVE-2022-1891, And CVE-2022-1892:

Lenovo has verified its Laptop modules and published the vulnerable models in its advisory report. Please don’t miss seeing the list from here. Click here for a complete list of all Lenovo Product Security Advisories.

ProductComponentCVE-2022-1890CVE-2022-1891CVE-2022-1892
100e 2nd Gen Notebook (Lenovo) (Type 82GJ)BIOS Update for Windows 10 (64-bit) – Lenovo 100e 2nd Gen (MT:82GJ), Lenovo 300e 2nd Gen (MT:82GK)Not AffectedNot AffectedFRCN23WW
100w Gen 3 Laptop (Lenovo)BIOS Update for Windows 10 (64-bit) – 100w Gen 3, 300w Gen 3Not AffectedNot AffectedGACN38WW
13w Yoga (Type 82S1, 82S2) Laptop (Lenovo)BIOS Update Utility for Windows 11 (Version 21H2 or later), 10 (Version 21H2 or later) – Lenovo 13w Yoga (Type 82S1, 82S2)Not AffectedNot AffectedJACN31WW
14W Gen 2 Laptop (Lenovo)BIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – Lenovo 14W Gen 2Not AffectedNot AffectedH0CN21WW
300e 2nd Gen Notebook (Lenovo) (Type 82GK)BIOS Update for Windows 10 (64-bit) – Lenovo 100e 2nd Gen (MT:82GJ), Lenovo 300e 2nd Gen (MT:82GK)Not AffectedNot AffectedFRCN23WW
300w Gen 3 Laptop (Lenovo)BIOS Update for Windows 10 (64-bit) – 100w Gen 3, 300w Gen 3Not AffectedNot AffectedGACN38WW
500w Gen 3 Laptop (Lenovo)BIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – Lenovo 500w Gen 3Not AffectedNot AffectedG6CN40WW
730S-13IML Laptop (ideapad)BIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – Yoga S730-13IML,ideapad 730S-13IMLNot AffectedNot AffectedBRCN20WW
Flex 3-11ADA05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Flex 3-11ADA05Not AffectedNot AffectedFPCN26WW
Flex 5-14ALC05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – Flex 5 14ALC05, Flex 5 15ALC05Not AffectedNot AffectedGJCN27WW
Flex 5-14ARE05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Flex 5-14ARE05Not AffectedNot AffectedEECN39WW
Flex 5-14IIL05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Flex 5-14IIL05, Flex 5-15IIL05Not AffectedNot AffectedECCN40WW
Flex 5-14ITL05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Flex 5-14ITL05, Flex 5-15ITL05Not AffectedNot AffectedFXCN38WW
Flex 5-15ALC05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – Flex 5 14ALC05, Flex 5 15ALC05Not AffectedNot AffectedGJCN27WW
Flex 5-15IIL05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Flex 5-14IIL05, Flex 5-15IIL05Not AffectedNot AffectedECCN40WW
Flex 5-15ITL05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Flex 5-14ITL05, Flex 5-15ITL05Not AffectedNot AffectedFXCN38WW
IdeaPad 1-11ADA05 LaptopBIOS Update for Windows 10 (64-bit) – ideapad 1-11ADA05, ideapad 1-14ADA05Not AffectedNot AffectedFQCN26WW
IdeaPad 1-11IGL05 LaptopBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – ideapad 1-11IGL05, ideapad 1-14IGL05Not AffectedNot AffectedDWCN24WW
IdeaPad 1-14ADA05 LaptopBIOS Update for Windows 10 (64-bit) – ideapad 1-11ADA05, ideapad 1-14ADA05Not AffectedNot AffectedFQCN26WW
IdeaPad 1-14IGL05 LaptopBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – ideapad 1-11IGL05, ideapad 1-14IGL05Not AffectedNot AffectedDWCN24WW
IdeaPad 3 15ADA05 LaptopBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – V14-ADA, V15-ADA, ideapad 3-14ADA05, ideapad 3-15ADA05, ideapad 3-17ADA05Not AffectedNot AffectedE8CN36WW
IdeaPad 3-14ADA05 LaptopBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – V14-ADA, V15-ADA, ideapad 3-14ADA05, ideapad 3-15ADA05, ideapad 3-17ADA05Not AffectedNot AffectedE8CN36WW
IdeaPad 3-14ADA6 LaptopBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – IdeaPad 3-14ADA6, IdeaPad 3-15ADA6, IdeaPad 3-17ADA6Not AffectedNot AffectedHBCN24WW
IdeaPad 3-14ALC6 LaptopBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – ideapad 3-14ALC6, ideapad 3-15ALC6, ideapad 3-17ALC6, V14 G2-ALC, V15 G2-ALCNot AffectedNot AffectedGLCN48WW
IdeaPad 3-15ADA6 LaptopBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – IdeaPad 3-14ADA6, IdeaPad 3-15ADA6, IdeaPad 3-17ADA6Not AffectedNot AffectedHBCN24WW
IdeaPad 3-15ALC6 LaptopBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – ideapad 3-14ALC6, ideapad 3-15ALC6, ideapad 3-17ALC6, V14 G2-ALC, V15 G2-ALCNot AffectedNot AffectedGLCN48WW
IdeaPad 3-17ADA05 LaptopBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – V14-ADA, V15-ADA, ideapad 3-14ADA05, ideapad 3-15ADA05, ideapad 3-17ADA05Not AffectedNot AffectedE8CN36WW
IdeaPad 3-17ADA6 LaptopBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – IdeaPad 3-14ADA6, IdeaPad 3-15ADA6, IdeaPad 3-17ADA6Not AffectedNot AffectedHBCN24WW
IdeaPad 3-17ALC6 LaptopBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – ideapad 3-14ALC6, ideapad 3-15ALC6, ideapad 3-17ALC6, V14 G2-ALC, V15 G2-ALCNot AffectedNot AffectedGLCN48WW
IdeaPad 5 15ABA7BIOS Update for Windows 11 (64-bit) – IdeaPad 5 15ABA7Not AffectedNot AffectedKACN14WW
IdeaPad Flex 5 14ALC7 LaptopBIOS Update for Windows 11 (64-bit) – IdeaPad Flex 5 14ALC7, IdeaPad Flex 5 16ALC7Not AffectedNot AffectedJCCN29WW
IdeaPad Flex 5 16ALC7BIOS Update for Windows 11 (64-bit) – IdeaPad Flex 5 14ALC7, IdeaPad Flex 5 16ALC7Not AffectedNot AffectedJCCN29WW
Legion S7-15ACH6 Laptop (Lenovo)BIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – Legion S7-15ACH6Not AffectedNot AffectedHACN37WW
Legion S7-15ARH5 Laptop (Lenovo)BIOS Update for Windows 10 (64-bit) – Legion S7-15ARH5Not AffectedNot AffectedG1CN27WW
Legion S7-15IMH5 Laptop (Lenovo)BIOS Update for Windows 10 (64-bit) – Legion S7-15IMH5Not AffectedNot AffectedFDCN40WW
S145-14API Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – S145-14API, S145-15APINot AffectedNot AffectedBUCN33WW
S145-14AST Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – S145-14AST, S145-15ASTNot AffectedNot AffectedAYCN28WW
S145-15API Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – S145-14API, S145-15APINot AffectedNot AffectedBUCN33WW
S145-15AST Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – S145-14API, S145-15APINot AffectedNot AffectedBUCN33WW
S145-15AST Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – S145-14AST, S145-15ASTNot AffectedNot AffectedAYCN28WW
S540-13API Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – S540-13APINot AffectedNot AffectedCXCN36WW
S940-14IIL Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Yoga S940-14IIL, ideapad S940-14IILNot AffectedNot AffectedBQCN34WW
Slim 1-11AST-05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Slim 1-11AST-05, Slim 1-14AST-05Not AffectedNot AffectedCWCN25WW
Slim 1-14AST-05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Slim 1-11AST-05, Slim 1-14AST-05Not AffectedNot AffectedCWCN25WW
ThinkBook 13s G2 ARE LaptopBIOS Update for Windows 10 (64-bit) – ThinkBook 13s G2 ARENot AffectedNot AffectedFVCN24WW
ThinkBook 13s G2 ITL LaptopBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – ThinkBook 13s G2 ITL, ThinkBook 14s G2 ITLNot AffectedNot AffectedF9CN50WW
ThinkBook 13s G3 ACN LaptopBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – ThinkBook 13s G3 ACNNot AffectedNot AffectedGMCN29WW
ThinkBook 13s-IML LaptopBIOS Update for Windows 10 (64-bit) – ThinkBook 13s-IML, ThinkBook 14s-IMLNot AffectedNot AffectedCQCN37WW
ThinkBook 14-IIL LaptopBIOS Update for Windows 10 (64-bit) – ThinkBook 14-IIL, ThinkBook 15-IILDJCN28WWDJCN28WWDJCN28WW
ThinkBook 14-IML LaptopBIOS Update for Windows 10 (64-bit) – ThinkBook 14-IML, ThinkBook 15-IMLCJCN38WWCJCN38WWCJCN38WW
ThinkBook 14p G2 ACH LaptopBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – ThinkBook 14p G2 ACHNot AffectedNot AffectedGWCN41WW
ThinkBook 14s G2 ITL LaptopBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – ThinkBook 13s G2 ITL, ThinkBook 14s G2 ITLNot AffectedNot AffectedF9CN50WW
ThinkBook 14s-IML LaptopBIOS Update for Windows 10 (64-bit) – ThinkBook 13s-IML, ThinkBook 14s-IMLNot AffectedNot AffectedCQCN37WW
ThinkBook 15-IIL LaptopBIOS Update for Windows 10 (64-bit) – ThinkBook 14-IIL, ThinkBook 15-IILDJCN28WWDJCN28WWDJCN28WW
ThinkBook 15-IML LaptopBIOS Update for Windows 10 (64-bit) – ThinkBook 14-IML, ThinkBook 15-IMLCJCN38WWCJCN38WWCJCN38WW
ThinkBook 16p G2 ACH LaptopBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – ThinkBook 16p G2 ACHNot AffectedNot AffectedGXCN42WW
V130-15IKB Laptop (Lenovo)BIOS Update for Windows 10 (64-bit) – V130-15IKBNot AffectedNot Affected8VCN31WW
V14 G2-ALC Laptop (Lenovo)BIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – ideapad 3-14ALC6, ideapad 3-15ALC6, ideapad 3-17ALC6, V14 G2-ALC, V15 G2-ALCNot AffectedNot AffectedGLCN48WW
V14-ADA Laptop (Lenovo)BIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – V14-ADA, V15-ADA, ideapad 3-14ADA05, ideapad 3-15ADA05, ideapad 3-17ADA05Not AffectedNot AffectedE8CN36WW
V15 G2-ALC Laptop (Lenovo)BIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – ideapad 3-14ALC6, ideapad 3-15ALC6, ideapad 3-17ALC6, V14 G2-ALC, V15 G2-ALCNot AffectedNot AffectedGLCN48WW
V15-ADA Laptop (Lenovo)BIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – V14-ADA, V15-ADA, ideapad 3-14ADA05, ideapad 3-15ADA05, ideapad 3-17ADA05Not AffectedNot AffectedE8CN36WW
Yoga 9-15IMH5 Laptop (Lenovo)BIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – Yoga 9-15IMH5Not AffectedNot AffectedEPCN28WW
Yoga C640-13IML LTE Laptop (Lenovo)BIOS Update for Windows 10 (64-bit) – Yoga C640-13IML, Yoga C640-13IML LTECHCN28WWCHCN28WWCHCN28WW
Yoga C640-13IML Laptop (Lenovo)BIOS Update for Windows 10 (64-bit) – Yoga C640-13IML, Yoga C640-13IML LTECHCN28WWCHCN28WWCHCN28WW
Yoga C940-15IRH Laptop (ideapad)BIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – Yoga C940-15IRHNot AffectedNot AffectedBSCN37WW
Yoga S730-13IML Laptop (Lenovo)BIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – Yoga S730-13IML,ideapad 730S-13IMLNot AffectedNot AffectedBRCN20WW
Yoga S940-14IIL Laptop (Lenovo)BIOS Update for Windows 10 (64-bit) – Yoga S940-14IIL, ideapad S940-14IILNot AffectedNot AffectedBQCN34WW
Yoga Slim 7 Pro-14ACH5 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – Yoga Slim 7 Pro-14ACH5, Yoga Slim 7 Pro-14ACH5 ONot AffectedNot AffectedGZCN29WW
Yoga Slim 7 Pro-14ACH5 O Laptop (ideapad)BIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – Yoga Slim 7 Pro-14ACH5, Yoga Slim 7 Pro-14ACH5 ONot AffectedNot AffectedGZCN29WW
Yoga Slim 7 Pro-14ARH5 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Yoga Slim 7 Pro-14ARH5Not AffectedNot AffectedG7CN24WW
ideapad 5-15ALC05 LaptopBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – IdeaPad 5-15ALC05Not AffectedNot AffectedH2CN27WW

We hope this post would help you know how to fix the three buffer overflow vulnerabilities In Lenovo BIOS. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, Medium & Instagram and subscribe to receive updates like this. 

You may also like these articles:

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Vulnerabilities

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe