Major flaws found in Lenovo BIOS: attackers can take over systems

Lenovo has released urgent BIOS updates and warned about high-severity flaws that allow privileged local attackers to gain complete control of systems. Some updates are still pending.
Six newly discovered vulnerabilities affect Lenovo computers that ship with BIOS from Insyde Software, a global provider of system firmware and software engineering services.
“Potential vulnerabilities were reported in Insyde BIOS used in some Lenovo IdeaCentre and Yoga All-In-One products that could allow a privileged local attacker to read SMRAM contents or execute arbitrary code in System Management Mode (SMM),” the Lenovo advisory reads.
SMM operates with extremely high privileges in the system, running at ring -2, which allows it to suspend the normal execution of all other software, including the operating system and any hypervisor. This special operating mode handles critical system-wide functions such as power management, system hardware control, proprietary OEM-designed code, and other low-level system operations.
The affected models include Lenovo IdeaCentre AIO 3 desktop computers and Yoga AIO all-in-one computers. BIOS updates for the latter are expected between September and November 2025.
To mitigate the issue, Lenovo urges users to update the firmware to the latest version.
All six flaws were discovered and disclosed by the Binarly REsearch team. Four of them have a high severity rating of 8.2 out of 10, and the other two have been assigned a medium severity score of 6 out of 10.
The firm explains that attackers would need to have deep system access to exploit the flaws.
“An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, and read SMRAM content (that can help to execute arbitrary code in System Management Mode - an environment more privileged than the operating system (OS) and completely isolated from it),” the report reads.
Ring 0 means the attacker would already need kernel-level access; from that foothold, however, they could exploit this vulnerability to install malicious firmware that survives a complete wipe and reinstall of the OS and bypasses security features.
The Binarly REsearch team disclosed the flaws to Lenovo on April 8th, 2025.