ESET uncovers 3 vulnerabilities in Lenovo laptops

Three vulnerabilities were reported today: CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972. The latter two are particularly embarrassing since they are related to UEFI firmware drivers used in the manufacturing process and can be used to disable SPI flash protections or the UEFI Secure Boot feature. “UEFI threats can be extremely stealthy and dangerous,” said ESET researcher Martin Read more about ESET uncovers 3 vulnerabilities in Lenovo laptops[…]