Lenovo units are affected by a number of vulnerabilities, together with ones that might enable attackers to deploy persistent implants on focused programs, firmware safety and provide chain danger administration firm Binarly reported on Tuesday.
Binarly found a complete of six flaws in Lenovo all-in-one desktops, particularly the System Administration Mode (SMM), an working mode designed for low-level system administration.
As a result of SMM masses earlier than the working system and persists throughout reinstallation, it may be an ideal goal for risk actors trying to bypass Safe Boot (the safety function designed to make sure that solely trusted software program is loaded on startup) and deploy stealthy malware.
The vulnerabilities have been assigned the CVE identifiers CVE‑2025‑4421 via CVE‑2025‑4426. 4 of them have a ‘excessive severity’ ranking, whereas the remainder have been categorised as ‘medium severity’.
The high-severity flaws are reminiscence corruption points that may result in privilege escalation and arbitrary code execution within the SMM. The medium-severity vulnerabilities can result in info disclosure and safety mechanism bypasses.
Menace actors which have entry to the focused Lenovo system may exploit the vulnerabilities to bypass SPI flash safeguards and SecureBoot, deploy implants that survive reinstallation of the working system, and even break hypervisor isolation.
Binarly reported the issues to Lenovo in April and the seller confirmed the findings in June. It has now made accessible patches and mitigations.
Each Lenovo and Binarly revealed safety advisories describing the vulnerabilities on Tuesday.Commercial. Scroll to proceed studying.
Binarly lately additionally found SMM vulnerabilities affecting Gigabyte firmware. As well as, the corporate confirmed final month how weak UEFI firmware functions from DTResearch, an organization that makes rugged tablets, laptops and different industrial computer systems, might be leveraged to bypass Safe Boot on many units.
Associated: Prototype UEFI Bootkit is South Korean College Mission; LogoFAIL Exploit Found
Associated: PKfail Vulnerability Permits Safe Boot Bypass on Lots of of Laptop Fashions
Associated: Palo Alto Networks Addresses Impression of BIOS, Bootloader Vulnerabilities on Its Firewalls
