image credit: unsplash
Researchers at cybersecurity firm ESET discovered a total of three buffer overflow vulnerabilities that can allow an attacker with local privileges to affected Lenovo devices to execute arbitrary code. However, Lenovo says only one of the vulnerabilities (CVE-2022-1892) impacts all devices, while the other two impact only a handful of laptops.
“The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features,” ESET explained.
Comments are closed.
