Computer maker Lenovo has started pushing security patches to address three vulnerabilities impacting the UEFI firmware of more than 110 laptop models.
Two of the security flaw — CVE-2021-3972 and CVE-2021-3971 — exist because drivers that should have been used during the manufacturing process only were mistakenly left in production UEFI firmware, potentially exposing devices to attacks.
https://www.securityweek.com/firmware-f ... o-laptops/