Lenovo closes gaps in BIOS, management controller and WLAN driver
Important security updates protect Lenovo computers. In the worst case, attackers can execute malicious code.
(Image: Tatiana Popova/Shutterstock.com)
Several security vulnerabilities in the BIOS of countless Lenovo PCs make systems vulnerable to attack. A vulnerability in Qualcomm's WLAN driver can also let attackers into the systems. In addition, Lenovo's management controller XClarity Controller has been secured against possible attacks.
Videos by heise
In a warning message, the PC manufacturer classifies the risk posed by the BIOS gaps as"high". A total of 19 vulnerabilities have been closed. These include malicious code vulnerabilities, but attackers can also paralyze systems via DoS attacks. As the number of affected models would go beyond the scope of this message, owners of Lenovo PCs should study the list in the warning message.
Waiting for security updates
The Qualcomm WLAN vulnerability (CVE-2024-33051"high") also affects many computer and laptop models, as can be seen from the warning message. After a successful attack, attackers can put systems into a DoS state. However, no security updates are yet available. The first are due to be released at the end of October 2024.
Other threats concern XClarity controllers. Among other things, attackers can gain higher user rights (CVE-2024-8278). The issues secured against this are available in a support article.
XCLarity Administrator (LXCA) is also vulnerable. Attackers can also elevate their rights here. The LXCA 4.1 version provides a remedy.
(des)
