Malicious actors could exploit the four high-severity memory corruption flaws to escalate privileges and execute arbitrary code in the SMM, while the other medium-severity issues could be abused to disclose information and evade security mechanisms, according to findings from Binarly. Aside from launching persistent implants, as well as circumventing SPI flash defenses and SecureBoot, attackers could also ruin hypervisor isolation via intrusions involving the flaws, which have already been addressed and mitigated by Lenovo. Such a report comes after Gigabyte firmware was discovered by Binarly researchers to have been affected by several SMM flaws. Similar security bugs that could be harnessed to evade Secure Boot have also been discovered by the firm in DTResearch's UEFI firmware apps.
Multiple vulnerabilities found in Lenovo devices
SecurityWeek reports that all-in-one desktops by Lenovo had their System Management Mode impacted by half a dozen security flaws, tracked from CVE-2025-4421 to CVE-2025-4426, which could be leveraged to facilitate persistent implant injections.
