Skip to main content

If you own a Lenovo PC, you need to update it immediately

Lenovo, one of the most popular computer manufacturers in the world, just announced that many of its laptops and desktops need immediate BIOS updates to secure them from serious security vulnerabilities. Six flaws have been found; however, none have been reported as being actively exploited thus far.

Lenovo lists the affected models, which range from desktops and all-in-ones to laptops and even servers. Models include several IdeaCentre, ThinkCentre, ThinkStation, ThinkSystem, Legion, M-series, V-series, and Yoga desktops and all-in-ones. A large number of laptops are affected as well, including IdeaPad, ThinkPad, ThinkBook, Legion, Yoga, and Flex models.

lenovo legion laptops

There are hundreds of computer models affected and everyone that owns a Lenovo laptop, desktop, or server should check if their model is on the list.

The vulnerabilities could lead to elevated privileges for attackers, unauthorized access to data, denial of service, and even arbitrary code execution. Not every model is affected by every bug listed but Lenovo didn’t itemize by model. The full CVE list shows 5 vulnerabilities: CVE-2021-28216, CVE-2022-40134, CVE-2022-40135, CVE-2022-40136, and CVE-2022-40137. American Megatrends released security enhancements for its AMI BIOS, which is used by Lenovo, but there isn’t a CVE available for this vulnerability.

Lenovo provided links to download the required updates. For Lenovo Products, search for your model on Lenovo’s support page, and for IBM-branded products, search IBM’s Fix Central page. Lenovo also has a tutorial page with specific instructions for each model if you need further help.

BleepingComputer first spotted Lenovo’s important BIOS update. Make sure to check if your Lenovo laptop, computer, or server is affected and update as soon as possible to keep your data, network, and computer secure.

Editors' Recommendations

Alan Truly
Computing Writer
Alan is a Computing Writer living in Nova Scotia, Canada. A tech-enthusiast since his youth, Alan stays current on what is…
Lenovo takes on M1-powered MacBooks with its own ARM-based IdeaPad 5G
lenovo ideapad 5g qualcomm snapdragon 8cx ces 2021

After being an early adopter of Qualcomm's Snapdragon chipsets on its Windows notebooks, Lenovo is upping the ante at CES 2021. While Lenovo is continuing to support Microsoft's Windows on ARM efforts, it's also now embracing 5G mobile coverage on the new IdeaPad 5G -- one of the best new laptops at CES this year.

Like Lenovo's previous Yoga C630 Snapdragon-powered clamshell, the IdeaPad 5G features strong battery life -- this notebook is rated for 20 hours of continuous video playback -- and a fan-less design with a thin-and-light form factor. The IdeaPad 5G this year will be powered by Qualcomm's Snapdragon 8cx 5G compute platform and feature Adreno 680 integrated graphics, a Snapdragon X55 modem, and 4G LTE support in areas where 5G signals aren't yet available. Where 5G is present, Lenovo claims that large files can download up to 10 times faster than over LTE.

Read more
The ThinkPad X1 Carbon and X1 Yoga get updated with 500-nit, 4K displays
a Lenovo ThinkPad X1 Yoga Gen 5 sits folded with the display facing outward.

Lenovo introduced two updated ThinkPad X1 laptops just ahead of CES 2020 hitting Las Vegas next week. Overall, the displays are their biggest improvements over Lenovo’s 2019 models, offering at least four different options from Full HD to Ultra HD.

You'll also find configurations featuring PrivacyGuard to protect your on-screen data from nosy strangers. Lenovo “enhanced” the keyboards as well to include unified communication controls.

Read more
Lenovo ThinkPads get performance boost with Intel 10th-gen Comet Lake processors
Lenovo ThinkPad X390 review



Read more