[German]Another brief summary of security vulnerabilities in devices. At the end of July 2025, Lenovo notebooks reported vulnerabilities that could be closed via UEFI updates. And in Dell notebooks, a vulnerability called ReVault was found in the ControlVault3 firmware for Broadcom chips. NVIDIA GPUs are vulnerable to an attack called GPUHammer and should be protected against it via ECC testing.
Advertising
Vulnerabilities in Lenovo UEFI
Lenovo's Insyde BIOS Vulnerabilities warning states that there are security issues with some Lenovo IdeaCentre and Yoga All-In-One products. Potential vulnerabilities have been reported (by security researchers at Binarly) in the Insyde BIOS used by these device models, which could allow a privileged local attacker to read SMRAM contents or execute arbitrary code in System Management Mode (SMM).
Lenovo lists the vulnerabilities as CVE-2025-4421, CVE-2025-4422, CVE-2025-4423, CVE-2025-4424, CVE-2025-4425, and CVE-2025-4426 in its security advisory. Details about these vulnerabilities can be found at insyde.com (as of July 29, 2025).
Lenovo offers firmware updates that fix these vulnerabilities in the BIOS/UEFI. Users should visit the Lenovo product pages and search for their model to find the download. For Lenovo devices, it is this product page (only China has a separate page), for IBM devices, it is this support page.
Further details on the update can be found in the Insyde BIOS Vulnerabilities article. Bleeping Computer has published this article with information that new UEFI firmware updates from Lenovo eliminate vulnerabilities that allow Secure Boot to be bypassed.
ReVault vulnerability in Dell Notebooks
On August 5, 2025, Cisco Talos reported in the article ReVault! When your SoC turns against you…, that it had reported five vulnerabilities (CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, CVE-2025-24919) to Broadcom and Dell that affect both the ControlVault3 firmware and the associated Windows APIs. Talos has dubbed the whole thing ReVault and states that more than 100 Dell notebook models containing Broadcom SoCs (BCM5820X) are affected.
Advertising
Dell ControlVault is a hardware-based security solution that provides secure storage for passwords, biometric templates, and security codes within the firmware. A daughterboard provides this functionality in Dell devices and executes these security functions in the firmware.
Dell Unified Security Hub (USH); Source: Talos
Dell refers to the daughterboard as the Unified Security Hub (USH) because it serves as a hub for running ControlVault (CV) and connects various security peripherals such as fingerprint readers, smart card readers, and NFC readers.
Talos states that a ReVault attack can be used after a compromise to anchor persistent malware that remains even after a reinstallation of Windows. The ReVault attack can also be used as a physical compromise to bypass Windows login and/or grant local users administrator/system privileges.
Talos recommends keeping systems up to date to ensure that the latest firmware is installed. ControlVault (CV) firmware can be automatically deployed via Windows Update. New firmware is usually released on the Dell website a few weeks in advance and can be installed manually.
Users who do not use any of the security peripherals (fingerprint reader, smart card reader, and NFC reader) can disable the CV services (via the Service Manager) and/or the CV device (via the Device Manager) to eliminate the risk.
According to Talos, it also makes sense to disable fingerprint login when the risk is increased (e.g., when users leave their laptop unattended in a hotel room). Windows also offers Enhanced Sign-in Security (ESS), which can help block some of the physical attack vectors. The Talos article provides tips on how to detect an attack on tampered devices.
A Dell spokesperson told The Register that the company notified its customers on June 13, 2025, about updates to fix these bugs. There appears to be no evidence of exploitation so far. The Dell page with information on affected devices and updates can be found here.
GPUHammer: Rowhammer in NVIDIA GPUs with AI models
Just a quick addendum, because I don't want to write a separate post. In mid-July 2025, the post GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs has been published.
Researchers have succeeded in developing a RowHammer exploit to launch attacks against NVIDIA GPUs (e.g., NVIDIA A6000 GPU with GDDR6 memory). The attacks, known as GPUHammer, enable malicious GPU users to manipulate other users' data by triggering bit flips in the GPU memory.
According to researchers at the University of Toronto, the most worrying consequence of this behavior is the deterioration of the accuracy of an artificial intelligence (AI) model from 80% to less than 1%. NVIDIA urges its customers to enable error correction codes (ECC) at the system level to protect themselves against this GPU variant of the RowHammer attack.
Advertising
