Security researchers discover serious UEFI firmware vulnerabilities affecting millions of Lenovo laptops


A team of security researchers at ESET have unearthed a trio of vulnerabilities in Lenovo laptops. More than one hundred different laptop models are affected, meaning that millions of owners are at risk.
Two of the vulnerabilities (CVE-2021-3971 and CVE-2021-3972) affect UEFI firmware drivers and are extremely worrying because of the potential implications of exploitation. CVE-2021-3970 is a slightly less serious memory corruption problem, but it remains concerning.