Lenovo issued a security notice informing customers of multiple serious BIOS vulnerabilities affecting hundreds of Lenovo devices across various models (Desktop, All in One, IdeaCentre, Legion, ThinkCentre, ThinkPad, ThinkAgile, ThinkStation, ThinkSystem).
Exploiting the vulnerabilities might result in the disclosure of sensitive information, an increase in privileges, a denial of service, and possibly even the execution of arbitrary code in some situations.
The following are the six flaws detailed in Lenovo’s security advisory:
The problems have been resolved in the most recent BIOS upgrades that Lenovo has released for the affected models.
The majority of patches have been accessible since July and August of 2022.
Additional patches are anticipated to be released by the end of September and October. In addition, a limited number of models will receive updates in the following year.
The security alert contains a comprehensive list of the affected computer models, the BIOS firmware version that mitigates each vulnerability, and download links for each model.
Lenovo device owners can also go to the “Drivers & Software” website, search for their device by name, select the “Manual Update” option and then download the most recent version of the BIOS firmware.