Multi-Vendor BIOS Security Vulnerabilities (September 2022) CVE-2021-28216, CVE-2022-40134, CVE-2022-40135, CVE-2022-40136, CVE-2022-40137

  • 15 September 2022

Multi-Vendor BIOS Security Vulnerabilities (September 2022) - Lenovo Support US

Lenovo has tracked the following vulnerabilities: CVE-2022-40134, CVE-2022-40135, and CVE-2022-40136.

They are related to bugs and vulnerabilities that allow escalation of privilege to read SMM memory, DoS, and information disclosure.

There are bugs in the SMI Set BIOS password SMI handler, Smart USB SMI handler used to configure WMI settings.

4 vulnerabilities were fixed by Lenovo this time; CVE-2022-40137 has the highest severity.

Threats to UEFI (BIOS) run at the beginning of the boot process, and are therefore very dangerous, before control is transferred to the O.S. In this way they bypass almost all security systems.

Update BIOS and firmware where available.

 

 



Thanks for sharing this. We use Lenovo here at work so I better pass this along to Security to check into and update my laptop if needed. 😎


Thanks for sharing! So many laptops here too.

Time to check it...


Thanks for the heads up! 
