Hundreds of Lenovo laptops are affected by the above-mentioned vulnerabilities.
LENOVO DRIVERS FOR UBUNTU UPDATE
At present, Lenovo has issued a security bulletin to remind users to update as soon as possible. I don’t know why it took Lenovo half a year to complete the repair. ESET notified Lenovo of the vulnerabilities in time. The above vulnerabilities were discovered in October last year. This type of UEFI rookit can achieve long-term latency and be difficult to detect.
This means that attackers can escalate privileges, modify NVRAM, and deploy and infiltrate malicious programs in SPI or EFI system partitions or ESPs. When trying to update the graphics card driver to use Nvidia for my GeForce GT 750M, the system won’t load the GUI desktop anymore. This system was tested with 18.04 LTS, running the 5.4.0-73-generic kernel. The OS works perfectly with the default drivers. The Lenovo ThinkServer SR590 V2 development board with the components described below has been awarded the status of certified for Ubuntu. The researchers say that the two drivers can be launched by an attacker, and then switch the SPI flash protection mechanism and UEFI secure boot function in privileged mode when the operating system is executed. (208.4 KB) Hello All, I have installed a fresh Ubuntu 20.04 on a new SSD drive. CVE-2021-3972: A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.CVE-2021-3971: A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable.CVE-2021-3970: A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.The following vulnerabilities were reported in Lenovo Notebook BIOS.
The CVE-2021-3970 vulnerability is in System Management Mode (SMM) and can be mainly used for privilege escalation.