Multi-Vendor BIOS Security Vulnerabilities (September 2022) - Lenovo Support US
Lenovo has tracked the following vulnerabilities: CVE-2022-40134, CVE-2022-40135, and CVE-2022-40136.
They are related to bugs that allow privilege escalation to read SMM memory, denial of service (DoS), and information disclosure.
There are bugs in the SMI Set BIOS Password SMI handler and the Smart USB SMI handler used to configure WMI settings.
Lenovo fixed 4 vulnerabilities this time; CVE-2022-40137 has the highest severity.
Threats to UEFI (BIOS) run at the beginning of the boot process, before control is transferred to the OS, and are therefore very dangerous: in this way they bypass almost all security systems.
Update BIOS and firmware where available.
