Categories: News

If you have a Lenovo laptop, you should upgrade now!

If you haven’t done so yet, we recommend that you update your Lenovo laptop, let’s find out why in the full article

The news was reported on the manufacturer’s website, in the section dedicated to news relating to the same, on official press release speaks of ben 3 specific vulnerabilities, that would have an average security impact in terms of use for malicious purposes, and with a “Privilege escalation“. The news was then promptly reported by ESET security officers, well-known antivirus. They are the very first who have highlighted the risks and discovered the same.

The 3 vulnerabilities in question apparently arise from a flaw in the Firmware level, in particular they could give access to certain areas and to allow modification of the UEFI, which we remember, the latter contains all those code packages that allow the start of the processor and all the basic services. To be clearer, since the flaw is present in a level that occurs well before the full boot of the operating system, and therefore even before the antivirus can startcould allow malicious people to steal personal data by infecting the machine while remaining completely undisturbed.

Some ESET researchers have indeed stated the following;

UEFI threats can be extremely dangerous. Our discovery of these so-called UEFI secure backdoors is proof that in some cases the implementation of UEFI threats may not be as difficult as expected.

If you have a Lenovo laptop, you should upgrade now!

What are the models that could suffer from this flaw? Apparently over 100, including IdeaPad e Legion just to name a few. Vulnerabilities are called;

  • CVE-2021-3970
  • CVE-2021-3971
  • CVE-2021-3972

At the moment the company has already released the security update which should have fixed the problem. The advice is to obviously update the firmware to limit any damage.

Brief focus on vulnerabilities

Starting with the CVE-2021-3970 flaw, it would apparently have the potential to sneak into the suite LenovoVariable SMI Handler and allow a hacker with local access and elevated privileges to execute arbitrary code.

Different and more dangerous still CVE-2021-3971in fact, by acting at the BIOS level, it would allow a hacker with high privileges to modify the firmware protection region by modifying an NVRAM variable, all starting from a simple driver. The last one, CVE-2021-3972, always originating from a Driver, would allow you to change the secure boot setting by modifying an NVRAM variable.

If you want to continue to know the latest news from the software world, keep following us. Greetings from

Published by
Marco Dellapina

Recent Posts

Rai Way continues the digitization plan: the details of the new project

The Rai Way digitization program continues. To support this program is a nnew IP contribution…

7 hours ago

The fifth edition of the MioDottore Awards review kicks off

My Doctor announced the departure of the fifth edition of the MioDottore Awards, the review…

8 hours ago

The eero Pro 6E and eero 6+ routers are available, here are prices and specifications

Amazon has renewed the eero range with the launch of the new eero Pro 6E…

9 hours ago

JoJo’s Bizarre Adventure: All-Star Battle R, trailer reveals release date with demo

JoJo's Bizarre Adventure: All Star Battle R trailer contains information about the game including release…

11 hours ago

OPPO Find X5 Pro immortalizes the nocturnal atmosphere of Disneyland Paris

OPPO e Disneyland Paris have joined forces to create a campaign dedicated to night photography…

13 hours ago

The best dive computers | May 2022

The dive computer is one of the fundamental tools for diving enthusiasts. With this guide…

14 hours ago