Critical BIOS vulnerabilities affect Lenovo Desktop, Desktop AIO, Smart Edge, Smart Office, ThinkStation, and ThinkSystem models

Four BIOS-related vulnerabilities have recently been discovered, according to a new security alert from Lenovo. Threat actors can use these flaws to allow information exposure, denial of service, or privilege escalation.

The first of the bugs, identified as CVE-2022-40137, affects the WMI SMI Handler function and affects the Lenovo Desktop, Desktop AIO, Smart Edge, Smart Office, ThinkStation, and ThinkSystem models. It could be exploited by an adversary with local access and elevated privileges to execute arbitrary code.

AMI has updated the AMI BIOS with security features.  

CVE-2021-28216: A fixed pointer vulnerability in the TianoCore EDK II BIOS has been disclosed by Tianocore and might allow an intruder with elevated privileges and local access to run arbitrary code. The core open source UEFI (BIOS) code found in all current PCs is called TianoCore EDK II. 

CVE-2022-40137: Some Lenovo models include a buffer overflow in the WMI SMI Handler that might allow an adversary with elevated privileges and local access to run arbitrary code. 

CVE-2022-40134: Some Lenovo models have a SMI Set BIOS Password SMI Handler vulnerability that might allow a local actor with elevated rights to read SMM memory. 

CVE-2022-40135: Some Lenovo models have an information leak vulnerability in the Smart USB Protection SMI Handler that might allow a local user with elevated privileges to read SMM memory.

CVE-2022-40136:  In some Lenovo models, the SMI Handler, which is used to configure platform settings using WMI, has a vulnerability that might allow a local user with elevated capabilities to read SMM memory. 

How  to Protect Yourself:

 Update the system firmware to the latest version This time, Lenovo addressed four vulnerabilities, with CVE-2022-40137 having the highest priority.

Threats to the UEFI (BIOS) system can be very serious and covert. Because they are run early in the boot process, before the operating system takes over, they are able to get around practically all security precautions and mitigations higher in the stack that may prevent their OS payloads from being executed.