New security research by Binarly has revealed multiple critical firmware vulnerabilities in Lenovo devices, highlighting significant risks to system integrity and long-term device security.
According to Binarly’s latest findings, six security flaws were identified in the System Management Mode (SMM) of Lenovo’s all-in-one desktop models. SMM operates at a low level within the system firmware and is executed before the operating system loads. Because of this, it offers a powerful opportunity for attackers to deploy stealthy implants that can evade detection and survive system reinstallation.
High-Severity Threats Targeting the Firmware Layer
Four of the six vulnerabilities have been rated as high severity, involving memory corruption issues that could enable privilege escalation and arbitrary code execution within SMM. The remaining two are classified as medium severity and could be exploited for information leaks or to bypass built-in security controls.
Exploiting these weaknesses could allow attackers to bypass protections like Secure Boot and SPI flash security, install persistent malware, and even compromise hypervisor-level isolation, posing a serious risk to virtualization environments.
Threat to Supply Chain and Endpoint Security
What makes these flaws particularly dangerous is that implants installed through them can persist even after the operating system is reinstalled, making them ideal for advanced persistent threats (APTs). This places not just individual users but entire enterprise networks and supply chains at risk, especially in environments that rely on Lenovo hardware.
Binarly first disclosed the vulnerabilities to Lenovo in April 2025. After confirming the issues in June, Lenovo released firmware patches and mitigation guidance, now available through its official channels.
Both Binarly and Lenovo have published detailed security advisories outlining the nature of these vulnerabilities, their potential impact, and the steps users and administrators should take to secure affected systems.
A Broader Industry Concern
This disclosure follows Binarly’s previous discoveries of similar vulnerabilities in firmware from other major manufacturers, including Gigabyte and DTResearch. The findings emphasize the need for improved firmware-level security visibility, proactive vulnerability management, and stronger controls over system integrity at the UEFI and SMM levels.
Source: https://www.securityweek.com/lenovo-firmware-vulnerabilities-allow-persistent-implant-deployment