UMC Security Advisory: Security Issues on All Lenovo devices

-

     We are aware and acknowledged receipt that was received reports from Lenovo Support with LEN-200921. Lenovo stated that vulnerability could impact for industry-wide systems including ThinkPads and IdeaPads to servers and desktops, based on the “Product Impact” tables. So, please update immediately to patch the BIOS update which specifically scheduled target availability by Lenovo developers. The list of all affected can be found here. Guides, also added for posts in Multi-Vendor BIOS Security Vulnerabilities

Note: Not all devices were affected, affected can vary by model devices. It's best to check BIOS via Lenovo Support.

Links: https://support.lenovo.com/us/en/product_security/LEN-200921

Typically, it was found to be listed of CVEs and LENs:

Lenovo Security Advisory: LEN-200921

Potential Impact: Code Execution, Denial of Service, Information Disclosure, Privilege Escalation

Severity: High

Scope of Impact: Industry-wide

CVE Identifier: Full list of CVEs is available on Lenovo Support security advisory.

UMC will be updated our fleets by updating and looking of scope in maintained releases by using Target Availability dates. We appreciate the results that caused to impact industry-wide devices. Although, the Legion Gen 10 were on hold due to security vulnerability. The original report from Lenovo published initial release on August 12, 2025, to updates on August 14 and August 21, as Lenovo refined their Product Impact scope. See Guides below for more info.

Guide to update BIOS:

  • Check BIOS by using Lenovo Support link.
  • Navigate to Drivers & Software > BIOS/UEFI, compare previous and newer firmware (Note: The availability may vary).
  • Verify if BIOS is affected. If not, this will be not affected.
  • Use Lenovo update tools like System Update, Commercial Vantage, or XClarity (for servers).
Last updated: 08/22/2025

Comments

Post a Comment

Popular posts from this blog

UMC Security Advisory - Celxpert Battery Issues

-
Image
Issue date: 30/07/2025  Updated : 31/07/2025  Note:  We updated with example of LNV -5B10W13897 batteries. (Update: UMC officially designated as L17C3PS2.) UMC ID: UMC01-07042   UMC today announced that was issued formal advisory that would recall of current fleet laptops is Lenovo ThinkPad L15 Gen 2a was equipped with Celxpert batteries because that degradation trend was flaw , lasting only 3+ hour battery life as observed. Key findings were included in screenshots. Figure 1: A degradation trend from 45.73Wh to 38.39Wh in Commercial Vantage. Multiple complaints from Reddit users raised concerns over the Celxpert batteries because they degrade into 16% wear level based on observations from linux-hardware.org sites that used to lookup for battery models and concluded that Celxpert (e.g,  LNV-5B10W13897  (L17C3PS2 detected) batteries) was worst long-term retention of advertised watt-hours. UMC recommends AVOIDING  Celxpert-made geninue Lenovo ba...
Read more

How I Became a Proactive Battery Monitor (Catching Issues Early)

-
Author : Felisitas Faya P. Most users notice battery problems only after something feels wrong — shorter runtime, sudden health drops, or unstable charging. By that point, degradation has already accumulated. My goal was different from the start: catch battery issues early , before they become visible, irreversible, or expensive. The Beginning: Observing, Not Assuming (2022) In 2022, I began continuously monitoring battery health on my Lenovo Yoga Slim 7 Carbon 13ITL5. Using Lenovo Vantage Battery Details alongside HWiNFO’s tray monitoring, I tracked capacity, temperature, charging behavior, and long-term trends in real usage. The purpose wasn’t to follow battery myths or chase perfect numbers. It was to understand how batteries actually age over time — slowly, quietly, and often invisibly. Expanding the Scope: Gaming Laptops and Heat (2024) In early 2024, I expanded this monitoring to my first gaming laptop, the IdeaPad Gaming 3 15ACH6. This introduced new variables: higher power draw...
Read more

UMC Bans the DeepSeek amid security concerns

-
 We are announcing the UMC now starting to ban the DeepSeek due to amid security concerns. The DeepSeek is a Chinese AI was developed by  Hangzhou DeepSeek Artificial Intelligence Basic Technology Research Co., Ltd. that doing business created the AI models is a thing dangerous. And the UMC banned the DeepSeek for employee using dangerous AI models that expose the personal and company information could potentially leak and vulnerable attacks that penetrated for my studio UMC Corporation. We advise to not use DeepSeek AI for security reasons. We appreciate this take serious action by UMC officials at representative from using Chinese AI apps. 
Read more