bleepingcomputer[.]com/news/security/lenovo-fixes-flaws-that-can-be-used-to-disable-uefi-secure-boot/
support.lenovo[.]com/us/en/product_security/LEN-94952
Lenovo has fixed two high-severity vulnerabilities impacting various ThinkBook, IdeaPad, and Yoga laptop models that could allow an attacker to deactivate UEFI Secure Boot.
The problem arises from Lenovo mistakenly including an early development driver that could change secure boot settings from the OS in the final production versions.
Lenovo lists the effected models at the 2nd link. Note: be sure the laptop is plugged in & follow any directions exactly -- If something goes wrong flashing the BIOS it can brick the device.