LVFS Activity Going Wild Ahead Of New Security Disclosure Requiring Firmware Update
Last summer LVFS shot up with activity and when that huge uptick in LVFS activity occurred it ended up being due to Dell BIOS/UEFI updates due to new security vulnerabilities.
The sudden surge in LVFS/Fwupd activity at around three times its usual volume does seem to point to another imminent security vulnerability being disclosed around system firmware.
A new security advisory is on the way...
Red Hat's Richard Hughes who serves as the FWUPD/LVFS lead developer alludes to such with today's news of the skyrocketing LVFS activity:
The #LVFS is now delivering more than 15,000 updates *per-hour* (about x3 normal) -- it's almost like a vendor is shipping updates like crazy for an high severity upcoming security issue. Patch your hardware people! 😉— Richard Hughes (@hughsient) January 18, 2022
On fwupd.org the new firmware list points to a number of Lenovo and Dell systems seeing firmware updates yesterday.
The common theme among the change-logs are indeed pointing to security updates.
Some of yesterday's firmware updates carry an urgency level of "critical".
Go forth and run sudo fwupdtool update to check for system firmware updates on your system, assuming your PC/motherboard vendor allows firmware updates via LVFS/Fwupd... (Update: after personally using "fwupdtool update" for years, apparently the endorsed method is using "fwupdmgr update" with fwupdtool apparently being intended for debugging.)
If your system lacks LVFS/fwupd support, you can also head on over to your PC/motherboard vendor website to check for new BIOS/firmware updates to flash outside of Linux.