Yes, two of the drivers immediately caught attention by their very unfortunate (but surprisingly honest) names: SecureBackDoor and SecureBackDoorPeim. I also seem to recall Lenovo had a similar issue about 5 or 6 years ago, so not a first time.
Altogether, the list of affected devices contains more than one hundred different consumer laptop models with millions of users worldwide, from affordable models like Ideapad-3 to more advanced ones like Legion 5 Pro-16ACH6 H or Yoga Slim 9-14ITL05. The full list of affected models with active development support is published in the Lenovo Advisory.
Bottom line though is, if you have a consumer Lenovo device, you really want to check if there is a firmware update.
See
When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops | WeLiveSecurity#
technology #
security #
vulnerability #
lenovo #
backdoor ESET research discovers vulnerabilities in Lenovo consumer laptop models that allow attackers with admin rights to expose users to firmware-level malware.