UMC Security Advisory: Security Vulnerability on Legion 5

-

 UMC has identified and collected from the Lenovo Download regarding two newly identified BIOS security vulnerabilities—CVE-2024-38798 and CVE-2025-3770—affecting the Lenovo Legion 5 15AKP10 (Global) and Legion R7000 AKP10 (China) models.

Details of the vulnerabilities:

  • CVE-2024-38798 – A medium-severity BIOS vulnerability in the TianoCore EDK2 firmware where local access may allow an attacker to cause exposure of sensitive information or potential escalation of privileges, impacting system confidentiality.

  • CVE-2025-3770 – A higher-severity flaw also in EDK2 BIOS where a local attacker could trigger a protection mechanism failure, potentially allowing arbitrary code execution and affecting confidentiality, integrity, and availability.

For more information, see the BIOS README for RYCN28WW on Lenovo Download:
https://download.lenovo.com/consumer/mobiles/rycn28ww.txt

Note:
This UMC security advisory is issued independently and oversees the identification and reporting of security flaws.

Comments

Post a Comment

Popular posts from this blog

UMC Security Advisory - Celxpert Battery Issues

-
Image
Issue date: 30/07/2025  Updated : 31/07/2025  Note:  We updated with example of LNV -5B10W13897 batteries. (Update: UMC officially designated as L17C3PS2.) UMC ID: UMC01-07042   UMC today announced that was issued formal advisory that would recall of current fleet laptops is Lenovo ThinkPad L15 Gen 2a was equipped with Celxpert batteries because that degradation trend was flaw , lasting only 3+ hour battery life as observed. Key findings were included in screenshots. Figure 1: A degradation trend from 45.73Wh to 38.39Wh in Commercial Vantage. Multiple complaints from Reddit users raised concerns over the Celxpert batteries because they degrade into 16% wear level based on observations from linux-hardware.org sites that used to lookup for battery models and concluded that Celxpert (e.g,  LNV-5B10W13897  (L17C3PS2 detected) batteries) was worst long-term retention of advertised watt-hours. UMC recommends AVOIDING  Celxpert-made geninue Lenovo ba...
Read more

How I Became a Proactive Battery Monitor (Catching Issues Early)

-
Author : Felisitas Faya P. Most users notice battery problems only after something feels wrong — shorter runtime, sudden health drops, or unstable charging. By that point, degradation has already accumulated. My goal was different from the start: catch battery issues early , before they become visible, irreversible, or expensive. The Beginning: Observing, Not Assuming (2022) In 2022, I began continuously monitoring battery health on my Lenovo Yoga Slim 7 Carbon 13ITL5. Using Lenovo Vantage Battery Details alongside HWiNFO’s tray monitoring, I tracked capacity, temperature, charging behavior, and long-term trends in real usage. The purpose wasn’t to follow battery myths or chase perfect numbers. It was to understand how batteries actually age over time — slowly, quietly, and often invisibly. Expanding the Scope: Gaming Laptops and Heat (2024) In early 2024, I expanded this monitoring to my first gaming laptop, the IdeaPad Gaming 3 15ACH6. This introduced new variables: higher power draw...
Read more

UMC Bans the DeepSeek amid security concerns

-
 We are announcing the UMC now starting to ban the DeepSeek due to amid security concerns. The DeepSeek is a Chinese AI was developed by  Hangzhou DeepSeek Artificial Intelligence Basic Technology Research Co., Ltd. that doing business created the AI models is a thing dangerous. And the UMC banned the DeepSeek for employee using dangerous AI models that expose the personal and company information could potentially leak and vulnerable attacks that penetrated for my studio UMC Corporation. We advise to not use DeepSeek AI for security reasons. We appreciate this take serious action by UMC officials at representative from using Chinese AI apps. 
Read more