A newly discovered Lenovo BIOS vulnerability could allow attackers to gain full control of affected systems, bypass operating systems, and even install persistent malware. Lenovo has released urgent advisories and firmware updates, but some patches are still pending.
The flaw affects select Lenovo IdeaCentre and Yoga AIO (All-In-One) computers using BIOS developed by Insyde Software. Researchers identified six vulnerabilities—four with a high severity rating of 8.2 out of 10, and two rated medium at 6.0.
BIOS Exploits Target Ring -2 Privileges
The issue stems from how the system handles System Management Mode (SMM)—a privileged CPU mode running at ring -2. This mode operates beneath the operating system and hypervisors, controlling critical low-level functions like power management and hardware communication.
According to Lenovo’s advisory, the vulnerabilities allow a privileged local attacker to read SMRAM contents and potentially execute arbitrary code within SMM. In simple terms, this would give them more control than even the OS itself.
Affected models include:
- Lenovo IdeaCentre AIO 3
- Lenovo Yoga AIO
(Firmware updates for the Yoga models are expected between September and November 2025.)
Lenovo urges users to apply available BIOS updates immediately to reduce risk.
Attackers Can Achieve Persistent, Stealthy Control
The flaws were discovered by the Binarly REsearch team, who disclosed the vulnerabilities to Lenovo on April 8, 2025. In their report, they explain that an attacker would need to already have kernel-level (ring 0) access—but once inside, they could elevate privileges to ring -2 using the exploit.
This would allow the attacker to:
- Access or modify SMRAM
- Execute code with SMM (ring -2) privileges, above the OS and hypervisor
- Install firmware-level malware that survives OS reinstalls
- Bypass traditional endpoint security systems
That level of access would give threat actors a foothold that’s nearly impossible to detect or remove with standard security tools.
Ongoing Firmware Updates and User Action
Lenovo is working with Insyde Software to deliver the necessary updates. While some patches have already been issued, others are scheduled for release through November 2025.
Users of affected devices should:
- Check Lenovo’s support page for BIOS updates
- Apply all firmware updates as soon as they become available
- Avoid using untrusted software or granting unnecessary system-level permissions
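To turn the first two steps into a fleet check, here is an added PowerShell inventory snippet (not code from the article, Lenovo or Binarly) that flags the two model families named above and records the BIOS vendor, version and date so they can be compared against Lenovo's support page. It assumes Lenovo populates Win32_ComputerSystemProduct.Version with the friendly model name, and the fixed BIOS versions must be taken from the advisory since the article does not list them.

```powershell
# Added example: inventory check for the Lenovo AIO models named in the advisory.
# Model strings come from the article; fixed BIOS versions are NOT on the page,
# so compare BiosVersion/BiosReleaseDate against Lenovo's support page yourself.
$affectedModels = @('IdeaCentre AIO 3', 'Yoga AIO')

$product = Get-CimInstance -ClassName Win32_ComputerSystemProduct
$bios    = Get-CimInstance -ClassName Win32_BIOS

# Assumption: on Lenovo systems the marketing model name is in the Version property
# (Name usually holds the machine-type code instead).
$model    = $product.Version
$isLenovo = $product.Vendor -match 'LENOVO'
$matched  = $affectedModels | Where-Object { $model -like "*$_*" }

# Lenovo ships these AIOs with Insyde firmware, which is what the advisory covers.
$isInsyde = $bios.Manufacturer -match 'Insyde'

[pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    Vendor           = $product.Vendor
    Model            = $model
    BiosVendor       = $bios.Manufacturer
    BiosVersion      = $bios.SMBIOSBIOSVersion
    BiosReleaseDate  = $bios.ReleaseDate
    MatchesAdvisory  = [bool]($isLenovo -and $matched)
    InsydeFirmware   = [bool]$isInsyde
    Note             = 'Compare BiosVersion with the fixed version on Lenovo support (PLACEHOLDER: not in article)'
}
```

Run it through your endpoint-management tool and collect the objects; any row with MatchesAdvisory set to True and a BiosReleaseDate older than the published fix is a candidate for the BIOS update.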
Conclusion
The Lenovo BIOS vulnerability reveals just how deep modern cyberattacks can go—right beneath the operating system itself. With threat actors potentially able to gain ring -2 access, this isn’t just a software flaw; it’s a fundamental breach of system trust. If you’re using an affected Lenovo device, updating your BIOS is not optional—it’s urgent.