Lenovo Notebook Driver Vulnerability: Unauthorized Modification of Secure Boot Setting

Lenovo Notebook Driver Vulnerability: Unauthorized Modification of Secure Boot Setting

CVE-2022-3431 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Learn more about our Web Application Penetration Testing UK.