23 Vulnerabilities in UEFI Firmware Used by HP, Lenovo (CVE-2021-41837)

At least 23 new security vulnerabilities were discovered in UEFI (Unified Extensible Firmware Interface) firmware used by multiple vendors, such as HP, Lenovo, Juniper Networks, and Fujitsu.

The flaws are located in Insyde Software’s InsydeH2O UEFI firmware, with most of them stemming from System Management Mode (SMM). On x86 systems, the UEFI firmware is typically stored in the flash memory chip on the motherboard.

Unified Extensible Firmware Interface (UEFI) is a technology that connects a computer’s firmware to its operating system. The purpose of UEFI is to eventually replace the legacy BIOS. The technology is installed during manufacturing. It is also the first program running when a computer is started.

UEFI Firmware Vulnerabilities

The vulnerabilities include CVE-2021-41837, CVE-2021-41838, CVE-2021-33627, CVE-2021-33626, CVE-2021-41839, CVE-2021-41841, among others. The full list is available in Insyde’s technical advisory, which also provides patch information and more technical details.

According to Binarly, the company that disclosed the issues, “The active exploitation of all the discovered vulnerabilities can’t be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module (TPM) measurement. The remote device health attestation solutions will not detect the affected systems due to the design limitations in visibility of the firmware runtime.”

It is noteworthy that an attacker with privileged user access to the targeted system can exploit the vulnerabilities to install advanced persistent malware. Furthermore, the attacker can circumvent endpoint security solutions, Secure Boot, and virtualization-based security.

The flaws were originally unearthed in Fujitsu devices. However, further analysis showed that the issue was more widespread, impacting Insyde-based firmware. Fujitsu was contacted in September last year, while Binarly cooperated with CERT/CC and the Linux Vendor Firmware Service (LVFS) to identify and notify other impacted vendors.

In October 2020, security researchers discovered a new UEFI attack, where a compromised UEFI firmware image contained a malicious implant. Part of a malware framework called MosaicRegressor, the attack compromised victims with ties to North Korea between 2017 and 2019.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
