Table of contents
- Does Lenovo have security issues?
- Driver security risk for Lenovo laptop users
- Vulnerabilities related to BIOS in Lenovo laptops
- Updating the BIOS of Lenovo laptops
- Affected Models
- Is Lenovo Safe?
Does Lenovo have security issues?
Some Lenovo laptops have serious security concerns that could let hackers alter the boot settings and firmware.
Lenovo lists over 70 vulnerabilities on its website. There are several of them below.
| ID | Summary |
|---|---|
| CVE-2022-3430 | WMI Setup driver vulnerability |
| CVE-2022-3431 | Secure boot settings vulnerability |
| CVE-2022-3432 | Ideapad Y700-14ISK boot setting vulnerability |
| CVE-2021-3971 | UEFI driver vulnerability |
| CVE-2021-3972 | UEFI driver vulnerability |
Luckily, you can fix almost all of the Lenovo security issues, and secure your online privacy, by installing the latest firmware updates from the Lenovo website.
However, hackers don’t stop at laptops—your smartphone could also be a target. Malware similar to the Lenovo exploits can infiltrate your phone through vulnerabilities or disguised apps.
Use Clario Anti Spy to scan your phone for hidden threats so you’re safe all-round.
Follow these steps to launch Spyware scan on your smartphone:
- Download Clario Anti Spy on your phone and subscribe.
- Tap Spyware scan on the dashboard to start scanning.
- Review the flagged apps and permissions after the scan.
- Use Rescan to ensure no threats remain.
Driver security risk for Lenovo laptop users
Lenovo, like many other major manufacturers, has faced driver security vulnerabilities in the past. For example, in late 2021, Lenovo discovered two data protection vulnerabilities that were introduced into the BIOS image of some of their computers.
We’ll explain some key vulnerabilities below, as well as how you can update and secure your Lenovo laptop.
Vulnerabilities related to BIOS in Lenovo laptops
Many security vulnerabilities facing Lenovo laptops affect the Unified Extensible Firmware Interface (UEFI) secure boot process. Some examples include:
- CVE-2021-3971 and CVE-2021-3972: Two (UEFI) drivers that were only meant to be used while the laptops were being built, but ended up sticking around in the firmware and allowing hackers to install malware while the system boots up.
- CVE-2022-3430, CVE-2022-3431, and CVE-2022-3432: Lenovo Notebook BIOS vulnerabilities that let attackers modify secure boot settings.
Updating the BIOS of Lenovo laptops
To update your Lenovo laptop and remove these vulnerabilities, do the following:
- Navigate to support.lenovo.com.
- Select View PC Support, then use the search bar to find your laptop model.
- Click on Drivers & Software in the left-hand panel.
- Select Select Drivers under Manual Update.
- Perform all recommended updates, starting with the BIOS/UEFI updates.
Affected Models
Below is the complete list of affected Lenovo models. If your laptop is on this list, we recommend following the instructions above to update your firmware as soon as possible. If you’ve already fallen victim, here’s what to do if your computer has been hacked.
Is Lenovo Safe?
All laptops, including Lenovo, could potentially have firmware vulnerabilities that allow hackers to interfere with the system even before the operating system loads. To help ensure firmware security, you should consistently check and use the updates that Lenovo releases. In the meantime, don’t forget to use Clario Anti Spy to protect your devices from intrusive spyware.
