Updated: May 23
Lenovo has recently released two product safety advisories on their website. April, 12th 2022 for ThinkPads and April 18th 2022 for multiple product lines. These vulnerabilities on Lenovo laptops are firmware level (UEFI) vulnerabilities that can allow for privilege escalation as well as allow attackers to install firmware level rootkits. This form of malware will persist and be unaffected by operating system wipes or drive replacements.
Lenovo have recently released BIOS updates to fix these vulnerabilities. Please see below to see if your laptop is affected and immediately complete a BIOS update. We are not liable for any incorrectly updated BIOSes.