Lenovo UEFI Secure Boot Vulnerability Found In Various Laptops

The computer manufacturer Lenovo has closed two serious security gaps that allow attackers to infect devices with malware undetected. Various ThinkBook, IdeaPad and Yoga laptop models are affected.

Lenovo therefore recommends installing the newly available UEFI firmware updates as a matter of urgency. The affected Lenovo UEFI code was not intended for production use and, according to the manufacturer, was shipped unintentionally.

The vulnerabilities it contains could allow attackers to disable UEFI Secure Boot, letting them stealthily gain a foothold on their victims’ systems without any boot-time security check being performed.

Verification system doesn’t work

UEFI Secure Boot is the verification mechanism that ensures malicious code cannot be loaded and executed during the computer’s boot process. If this check is defeated, unsigned, malicious code can then be executed at boot.

In this way, attackers circumvent all security precautions and can implant malware almost unnoticed, malware that persists even when the operating system is reinstalled. Microsoft had already warned of the error. According to the vulnerability disclosure, the problem stems from Lenovo inadvertently including an early development driver, one capable of changing Secure Boot settings, in the final production releases.

This also means that the vulnerabilities are not caused by an ordinary coding bug, but by a process flaw: the wrong driver was shipped. ESET researchers discovered that this had happened and reported it to Lenovo.

The two vulnerabilities fixed by Lenovo’s BIOS updates are:

  • CVE-2022-3430: A vulnerability in the WMI setup driver on some Lenovo consumer notebook devices could allow an elevated attacker to change the Secure Boot setting by modifying an NVRAM variable.
  • CVE-2022-3431: A vulnerability in a driver used during the manufacturing process on some Lenovo consumer notebook devices, which was inadvertently not disabled, could allow an elevated attacker to compromise the Secure Boot setting by modifying an NVRAM variable.

There is a third vulnerability of a similar nature, tracked as CVE-2022-3432, which only affects the IdeaPad Y700-14ISK. Lenovo will not fix this vulnerability because the affected product has reached end of life (EOL).
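Both fixed flaws come down to an NVRAM variable change that switches Secure Boot off, so after applying the firmware update the practical check on a Linux system is whether the firmware still reports Secure Boot as enabled and not in setup mode. The script below is an added example, not code from the article, Lenovo or ESET; it reads the `SecureBoot` and `SetupMode` variables that Linux exposes under efivarfs (the EFI global variable GUID is the standard one, the directory path can be overridden for testing, and the sample files are constructed).

```shell
#!/bin/sh
# Report the firmware's Secure Boot state from the UEFI variables that the
# Linux kernel exposes under efivarfs. Each file there starts with a 4-byte
# attribute header, so the boolean value is the 5th byte of the file.
# (Windows equivalent, not scripted here: Confirm-SecureBootUEFI in PowerShell.)

EFIVARS_DIR="${EFIVARS_DIR:-/sys/firmware/efi/efivars}"   # override for tests
EFI_GLOBAL_GUID="8be4df61-93ca-11d2-aa0d-00e098032b8c"     # EFI_GLOBAL_VARIABLE

# efivar_byte FILE -> prints the first data byte (after the attribute header)
# as a decimal number; returns 1 if the variable file is absent or unreadable.
efivar_byte() {
    [ -r "$1" ] || return 1
    od -An -t u1 -j 4 -N 1 "$1" | tr -d ' \n'
}

# secure_boot_state [DIR] -> one of: enabled | disabled | setup | unknown
#   enabled  : SecureBoot=1 and SetupMode=0 (signature checks are enforced)
#   disabled : SecureBoot=0 (what the shipped driver could bring about)
#   setup    : SetupMode=1 (key database writable, checks not enforced)
#   unknown  : no SecureBoot variable (legacy BIOS boot or efivarfs not mounted)
secure_boot_state() {
    dir="${1:-$EFIVARS_DIR}"
    sb=$(efivar_byte "$dir/SecureBoot-$EFI_GLOBAL_GUID") || { echo unknown; return 0; }
    [ -n "$sb" ] || { echo unknown; return 0; }
    sm=$(efivar_byte "$dir/SetupMode-$EFI_GLOBAL_GUID") || sm=0
    if [ "$sm" = "1" ]; then
        echo setup
    elif [ "$sb" = "1" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# Stand-alone use: print the state of the running system.
echo "Secure Boot: $(secure_boot_state)"
```

Any result other than `enabled` on a machine that is supposed to enforce Secure Boot is worth investigating, whether or not the firmware update has been applied.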

Owners of supported Lenovo computers can check the model list in the manufacturer’s security bulletin to determine whether they are affected by any of the vulnerabilities and whether a security update is available for their device.