#efixplorer — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #efixplorer, aggregated by home.social.
-
Недавно Lenovo обновила BIOS'ы для своих устройств. Мне прилетело обновление через их Lenovo Vantage.
Крайне рекомендую обновиться, закрыты серьезные уязвимости (https://support.lenovo.com/fr/en/product_security/len-65529):
* CVE-2021-3452: A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.* CVE-2021-3453: Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.
* CVE-2021-3614: A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.
Немного подробностей от исследователей:
* https://github.com/binarly-io/Vulnerability-REsearch/blob/main/Lenovo/BRLY-2021-001.md
* https://github.com/binarly-io/Vulnerability-REsearch/blob/main/Lenovo/BRLY-2021-002.md