Lenovo: Major Vulnerabilities Found In Multiple Laptop Models

Hundreds of Lenovo models are vulnerable to three major flaws.

Cybersecurity experts from ESET have found three security flaws in hundreds of different Lenovo laptop models which could put millions of users at risk. 

ESET said exploiting these vulnerabilities would allow attackers to deploy and successfully execute UEFI malware either in the form of SPI flash implants like LoJax or ESP implants like ESPecter.  

In total, three vulnerabilities have been discovered, which are now tracked as CVE-2021-3970, CVE-2021-3971 (also known as SecureBackDoor and SecureBackDoorPreim), and CVE-3972 (SMM memory corruption inside the SW SMI handler function).