Multi Vendor BIOS Security Vulnerabilities

Lenovo consolidates multiple BIOS security fixes and enhancements into as few updates as possible. The following list of vulnerabilities were reported by suppliers. Not all products listed in the Product Impact section of this advisory were affected by every CVE summarized here.

Tianocore reported a fixed pointer vulnerability in TianoCore EDK II BIOS that may allow an attacker with local access and elevated privileges to execute arbitrary code. TianoCore EDK II is the foundational open source UEFI (BIOS) code used throughout industry in all modern computers. CVE-2021-28216.

Product Impact

To download the version specified for your product below, follow these steps.

Navigate to the Drivers & Software support site for your product.

• Lenovo Products (sold worldwide, except in China): https://support.lenovo.com/
• Lenovo Products (sold in China): https://newsupport.lenovo.com.cn/
• IBM-branded System x Legacy Products: https://www.ibm.com/support/fixcentral/

1.Search for your product by name or machine type.

2.Click Drivers & Software on the left menu panel.

3.Click on Manual Update to browse by Component type.

4.Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.

For Further Reference

https://support.lenovo.com/in/en/product_security/LEN-94953