We stand with Ukraine to help keep people safe. Join us

Tags PC Security

Lenovo Security Concerns

Over the last two years, serious security vulnerabilities have been found in over a hundred of Lenovo’s consumer laptop models. These vulnerabilities let attackers install malware directly in the firmware, meaning that it can even survive an operating system reinstall. Below, we’ll explain these vulnerabilities and how to protect yourself from cyberattacks. Meanwhile, get Clario AntiSpy to run a spyware scan on your Lenovo.

Table of contents

Does Lenovo have security issues?

Some Lenovo laptops have serious security concerns that could let hackers alter the boot settings and firmware.

Lenovo lists over 70 vulnerabilities on its website. There are several of them below.

CVE-2022-3430WMI Setup driver vulnerability
CVE-2022-3431Secure boot settings vulnerability
CVE-2022-3432Ideapad Y700-14ISK boot setting vulnerability
CVE-2021-3971UEFI driver vulnerability
CVE-2021-3972UEFI driver vulnerability

Luckily, you can fix almost all of the Lenovo security issues by installing the latest firmware updates from the Lenovo website.


You can also use Clario AntiSpy to check your device for malicious apps and secure your online privacy:

  1. Download Clario AntiSpy and get a subscription to create an account.
  2. Go to Anti Spy scan > Start scan.
  3. Wait for the scan to complete and follow the on-screen instructions on how to get rid of the threats on your computer.
Lenovo laptop with an open Clario AntiSpy app running an AntiSpy scan

Driver security risk for Lenovo laptop users

Lenovo, like many other major manufacturers, has faced driver security vulnerabilities in the past. For example, in late 2021, Lenovo discovered two data protection vulnerabilities that were introduced into the BIOS image of some of their computers.


We’ll explain some key vulnerabilities below, as well as how you can update and secure your Lenovo laptop.

Vulnerabilities related to BIOS in Lenovo laptops

Many security vulnerabilities facing Lenovo laptops affect the Unified Extensible Firmware Interface (UEFI) secure boot process. Some examples include:

  • CVE-2021-3971 and CVE-2021-3972: Two (UEFI) drivers that were only meant to be used while the laptops were being built, but ended up sticking around in the firmware and allowing hackers to install malware while the system boots up.
  • CVE-2022-3430, CVE-2022-3431, and CVE-2022-3432: Lenovo Notebook BIOS vulnerabilities that let attackers modify secure boot settings.

Updating the BIOS of Lenovo laptops

To update your Lenovo laptop and remove these vulnerabilities, do the following:

  1. Navigate to support.lenovo.com.
  2. Select View PC Support, then use the search bar to find your laptop model.
  3. Click on Drivers & Software in the left-hand panel.
  4. Select Select Drivers under Manual Update.
  5. Perform all recommended updates, starting with the BIOS/UEFI updates.
Lenovo Technical Support webpage
Step 1. Go to the Lenovo Technical Support website
Click on the Drivers & Software tab
Step 2. Click on Drivers & Software tab
Run all the recommended actions from the menu
Step 3. Install recommended drivers

Affected Models

Below is the complete list of affected Lenovo models. If your laptop is on this list, we recommend following the instructions above to update your firmware as soon as possible. If you’ve already fallen victim, here’s what to do if your computer has been hacked.

ModelAffected by CVE-2022-3430Affected by CVE-2022-3431
D330-10IGL Laptop (ideapad)YesYes
IdeaPad 5 Pro 16ARH7YesYes
IdeaPad 5 Pro 16IAH7YesNot Affected
IdeaPad Duet 3 10IGL5YesYes
Lenovo Slim 7 16ARH7YesYes
Lenovo ThinkBook 15p IMHYesNot Affected
S540-15IML Laptop (ideapad)Not AffectedYes
Slim 7 Pro 16ACH6 Laptop (IdeaPad)Not AffectedYes
Slim 7-14ARE05 Laptop (ideapad)YesNot Affected
Slim 7-14IIL05 Laptop (ideapad)YesNot Affected
Slim 7-14ITL05 Laptop (ideapad)YesNot Affected
Slim 7-15IIL05 Laptop (ideapad)YesNot Affected
Slim 7-15IMH05 Laptop (ideapad)YesNot Affected
Slim 7-15ITL05 Laptop (ideapad)YesNot Affected
ThinkBook 13x ITG LaptopYesYes
ThinkBook 14 G2 ARE LaptopYesNot Affected
ThinkBook 14 G2 ITL LaptopYesNot Affected
ThinkBook 14 G3 ACL LaptopYesNot Affected
ThinkBook 14 G3 ITL LaptopYesNot Affected
ThinkBook 14 G4 ABA LaptopYesNot Affected
ThinkBook 14 G4+ ARAYesYes
ThinkBook 14 G4+ IAP LaptopYesYes
ThinkBook 14p G3 ARHYesNot Affected
ThinkBook 14s Yoga ITLYesNot Affected
ThinkBook 15 G2 ARE LaptopYesNot Affected
ThinkBook 15 G2 ITL LaptopYesNot Affected
ThinkBook 15 G3 ACL LaptopYesNot Affected
ThinkBook 15 G3 ITL LaptopYesNot Affected
ThinkBook 15 G4 ABA LaptopYesNot Affected
ThinkBook 15P G2 ITHYesNot Affected
ThinkBook 16 G4+ ARAYesYes
ThinkBook 16 G4+ IAP LaptopYesYes
ThinkBook 16p G3 ARHYesNot Affected
ThinkBook 16p NX ARHYesYes
ThinkBook Plus G2 ITGYesYes
ThinkBook Plus G3 IAPYesYes
Yoga Creator 7-15IMH05 Laptop (ideapad)YesNot Affected
Yoga Duet 7-13IML05YesYes
Yoga Duet 7-13ITL6YesYes
Yoga Duet 7-13ITL6-LTEYesYes
Yoga Slim 7 Carbon 13ITL5 (ideapad)Not AffectedYes
Yoga Slim 7 Pro 16ACH6 Laptop (IdeaPad)Not AffectedYes
Yoga Slim 7 Pro 16ARH7YesYes
Yoga Slim 7-13ACN05 Laptop (ideapad)Not AffectedYes
Yoga Slim 7-13ITL05 Laptop (ideapad)Not AffectedYes
Yoga Slim 7-14ARE05 Laptop (ideapad)YesNot Affected
Yoga Slim 7-14IIL05 Laptop (ideapad)YesNot Affected
Yoga Slim 7-14ITL05 Laptop (ideapad)YesNot Affected
Yoga Slim 7-15IIL05 Laptop (ideapad)YesNot Affected
Yoga Slim 7-15IMH05 Laptop (ideapad)YesNot Affected
Yoga Slim 7-15ITL05 Laptop (ideapad)YesNot Affected
ideapad 5 Pro-16ACH6 LaptopNot AffectedYes
ideapad 5 Pro-16IHU6 LaptopNot AffectedYes
ideapad Creator 5-16ACH6 LaptopNot AffectedYes

Is Lenovo Safe?

All laptops, including Lenovo, could potentially have firmware vulnerabilities that allow hackers to interfere with the system even before the operating system loads. To help ensure firmware security, you should consistently check and use the updates that Lenovo releases. In the meantime, don’t forget to use Clario AntiSpy to protect your devices from intrusive spyware.

Keep reading

Have Lenovo but worried about your privacy?

Get started