Critical vulnerabilities in Lenovo’s IdeaCentre and Yoga All-In-One systems could allow privileged local attackers to execute arbitrary code and access sensitive system information.
The vulnerabilities affect InsydeH2O BIOS implementations used in specific Lenovo desktop and all-in-one computer models, with CVSS scores ranging from 6.0 to 8.2, indicating high severity risks.
Key Takeaways
1. Six BIOS vulnerabilities let attackers execute malicious code on Lenovo systems.
2. Affects Lenovo IdeaCentre and Yoga All-In-One desktops.
3. BIOS patches available, Yoga fixes coming soon.
Critical SMM Vulnerabilities
The security flaws center on System Management Mode (SMM) vulnerabilities that could grant attackers unprecedented access to system resources.
Six distinct Common Vulnerabilities and Exposures (CVE) identifiers have been assigned to these issues, each carrying the maximum CVSS score of 8.2.
CVE-2025-4421 is a memory corruption in SMM’s CPU protocol service that allows attackers to write data beyond allocated memory boundaries, potentially overwriting critical system code.
CVE-2025-4422 is an out-of-bounds write vulnerability in SMM’s platform configuration database protocol, enabling attackers to corrupt memory and execute malicious code.
Additionally, buffer overflow CVE-2025-4423 in the setup automation module lets attackers inject and execute arbitrary code within the highly privileged SMM environment.
Input validation flaw CVE-2025-4424 allows attackers to make unauthorized calls to system variable functions with malicious parameters, potentially altering system configuration.
CVE-2025-4425 is a stack-based buffer overflow in system interrupt handlers that can be exploited to overwrite return addresses and execute attacker-controlled code.
CVE-2025-4426 is an information disclosure vulnerability that leaks sensitive data from protected system management memory (SMRAM) to unauthorized processes.
All vulnerabilities require high privileges (local admin access) to exploit, but can lead to full system compromise once executed.
The BINARLY Research team, credited with discovering these vulnerabilities through coordinated disclosure, emphasizes the critical nature of these SMM-level security flaws.
CVE ID | Title | CVSS 3.1 Score | Severity
CVE-2025-4421 | SMM CPU Protocol Memory Corruption | 8.2 | High
CVE-2025-4422 | SMM PCD Protocol Memory Corruption | 8.2 | High
CVE-2025-4423 | SetupAutomationSmm Arbitrary Code Execution | 8.2 | High
CVE-2025-4424 | SMI Handler Input Validation Bypass | 6.0 | Medium
CVE-2025-4425 | SMI Handler Stack Overflow | 8.2 | High
CVE-2025-4426 | SMRAM Information Disclosure | 6.0 | Medium
Affected Products
The vulnerabilities impact multiple Lenovo product lines, including IdeaCentre AIO 3 24ARR9 and 27ARR9 models, as well as several Yoga AIO systems, including the 27IAH10, 32ILL10, and 9 32IRH8 variants.
The security issues specifically affect the EfiSmiServices components, including gEfiSmmCpuProtocol and EfiPcdProtocol implementations within the SMM modules.
Lenovo has released BIOS version L05.05.40.011803.172079 to address these vulnerabilities in affected IdeaCentre models, with the minimum fixed version O6BKT1AA now available for download.
However, remediation timelines for Yoga AIO systems extend through late 2025, with fixes scheduled for September 30, 2025 (Yoga AIO 32ILL10 and 9 32IRH8) and November 30, 2025 (Yoga AIO 27IAH10).
Users should immediately update their systems through Lenovo’s support portal and enable automatic update mechanisms where available.