With the variable set, the platform's firmware will skip the execution of code that is "responsible for the setting up BIOS Control Register and Protected Range register-based SPI flash protections". Successful exploitation disables SPI flash write protections. The primary line of defense is "provided by the special memory-mapped configuration registers exposed by the chipset itself – the BIOS Control Register and five Protected Range registers".ĬVE-2021-3971 may be exploited by creating the NVRAM variable. Manufacturers created several security mechanisms to protect the SPI flash against unauthorized modifications. Malwares such as LOJAX, the first UEFI rootkit found in the wild, MosaicRegressor, or MoonBounce, targeted the memory in attacks. Since it is non-volatile, it is a high-level target for threat actors.
#Lenovo driver update utility name install
An administrator could erase a device's hard drive, install another operating system, and the memory would not be changed by the procure. The memory is independent of the operating system, which means that it remains even if the operating system is reinstalled or another system is installed. It is connected to the processor via the Serial Peripheral Interface (SPI). UEFI firmware is usually stored on the in an embedded flash memory chip on the computer's motherboard. The vulnerability CVE-2021-3971 can be exploited to disable SPI protections on Lenovo devices. Lenovo published the security advisory on April 18 and ESET its findings and details a day later. Lenovo confirmed the vulnerabilities in November 2021 and requested a postponing of the public disclosure date to April 2022. Security company ESET reported the vulnerabilities to Lenovo in October 2021.
0 kommentar(er)
