High-impact UEFI vulnerabilities discovered (again) in over a hundred models of Lenovo consumer laptops

Yes, two of the drivers immediately caught attention by their very unfortunate (but surprisingly honest) names: SecureBackDoor and SecureBackDoorPeim. I also seem to recall Lenovo had a similar issue about 5 or 6 years ago, so this is not the first time.

Altogether, the list of affected devices contains more than one hundred different consumer laptop models with millions of users worldwide, from affordable models like Ideapad-3 to more advanced ones like Legion 5 Pro-16ACH6 H or Yoga Slim 9-14ITL05. The full list of affected models with active development support is published in the Lenovo Advisory.

The bottom line, though, is that if you have a consumer Lenovo device, you really want to check whether there is a firmware update.

See https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/

