Lenovo security teams announced the detection of three vulnerabilities affecting the BIOS of approximately 60 models of laptops and notebooks. In its notice, the company claims to be working to release BIOS updates for more than 32 ThinkPad models and expects to begin rolling out the patches on July 28.

The first of these flaws was tracked as CVE-2021-3452 and resides in the ThinkPad models, specifically in the system shutdown SMI callback function and could be exploited by a local threat actor to execute arbitrary code.

Moreover, five ThinkPad models that are not affected by this vulnerability are impacted by CVE-2021-3453, a bug that exists because BIOS modules are not protected by Intel Boot Guard. A threat actor with physical access to the affected devices could write to SPI flash storage.

Lenovo has already released multiple BIOS updates for the affected ThinkPad devices, though its security teams are still working on security patches for 13 vulnerable laptop models. The flaws that have not been addressed also affect the ideacentre series desktops, which could be updated until the end of September.

Finally, the third vulnerability was tracked as CVE-2021-3614 and affects only Lenovo laptop models. Exploiting this flaw could allow local malicious hackers to perform a privilege escalation attack under certain circumstances and during a BIOS update.

This flaw resides in at least 21 laptop models, although so far only updates have been released to address the flaws in two of these computers. Lenovo had announced the release of an update for a vulnerable third computer, although that update remains unavailable.

For security, users are advised to stay on top of any new updates released by Lenovo, as well as visit the company’s official platforms to find detailed information on these flaws.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post CVE-2021-3452 privilege escalation vulnerability affects BIOS of 60 Lenovo laptops and 2 desktop computer models appeared first on Information Security Newspaper | Hacking News.

You May Also Like

Just few malicious packets allow to take control of Centos Web Panel 7 servers. Exploit PoC for RCE flaw published.

Control Web Panel, which was formerly known as CentOS Web Panel and…

New vulnerability on Mac provides full access to iCloud accounts, PayPal and more of the affected users, as well as granting access to their microphone, camera and screen. The greatest reward ever delivered by Apple

This week, a young cybersecurity researcher demonstrated how to hack the webcams…

Critical remote code execution vulnerability in Fail2ban. Protect your servers

Cybersecurity specialists report the detection of a critical vulnerability in Fail2ban, an…