Lucene search

[email protected]CVE-2020-8322

HistoryJun 09, 2020 - 8:15 p.m.

CVE-2020-8322

2020-06-0920:15:22

[email protected]

web.nvd.nist.gov

cve-2020-8322

smi callback

legacy usb driver

lenovo notebook

thinkstation

arbitrary code execution

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.

Affected configurations

NVD

Node

lenovo330-14ast_firmwareMatch-

AND

lenovo330-14astMatch-

Node

lenovo330-15ast_firmwareMatch-

AND

lenovo330-15astMatch-

Node

lenovo330-17ast_firmwareMatch-

AND

lenovo330-17astMatch-

Node

lenovo340c-15api_firmwareMatch-

AND

lenovo340c-15apiMatch-

Node

lenovo340c-15ast_firmwareMatch-

AND

lenovo340c-15astMatch-

Node

lenovo720s_touch-15ikb_firmwareMatch-

AND

lenovo720s_touch-15ikbMatch-

Node

lenovo720s-15ikb_firmwareMatch-

AND

lenovo720s-15ikbMatch-

Node

lenovo730s-13iwl_firmwareMatch-

AND

lenovo730s-13iwlMatch-

Node

lenovoc640-iml_firmwareMatch-

AND

lenovoc640-imlMatch-

Node

lenovoe42-80_firmwareMatch-

AND

lenovoe42-80Match-

Node

lenovoe52-80_firmwareMatch-

AND

lenovoe52-80Match-

Node

lenovok22-80_firmwareMatch-

AND

lenovok22-80Match-

Node

lenovov720-12_firmwareMatch-

AND

lenovov720-12Match-

Node

lenovok32-80_kbl_firmwareMatch-

AND

lenovok32-80_kblMatch-

Node

lenovok32-80_skl_firmwareMatch-

AND

lenovok32-80_sklMatch-

Node

lenovomiix_720-12ikb_firmwareMatch-

AND

lenovomiix_720-12ikbMatch-

Node

lenovos145-14api_firmwareMatch-

AND

lenovos145-14apiMatch-

Node

lenovos145-14ast_firmwareMatch-

AND

lenovos145-14astMatch-

Node

lenovos145-15api_firmwareMatch-

AND

lenovos145-15apiMatch-

Node

lenovos145-15ast_firmwareMatch-

AND

lenovos145-15astMatch-

Node

lenovos540-13api_firmwareMatch-

AND

lenovos540-13apiMatch-

Node

lenovos750-iil_firmwareMatch-

AND

lenovos750-iilMatch-

Node

lenovos940-14iwl_firmwareMatch-

AND

lenovos940-14iwlMatch-

Node

lenovothinkbook_13s-iwl_firmwareMatch-

AND

lenovothinkbook_13s-iwlMatch-

Node

lenovothinkbook_14s-iwl_firmwareMatch-

AND

lenovothinkbook_14s-iwlMatch-

Node

lenovov110-14ast_firmwareMatch-

AND

lenovov110-14astMatch-

Node

lenovov110-14ikb_firmwareMatch-

AND

lenovov110-14ikbMatch-

Node

lenovov110-15ast_firmwareMatch-

AND

lenovov110-15astMatch-

Node

lenovov130-15igm_firmwareMatch-

AND

lenovov130-15igmMatch-

Node

lenovov130-15ikb_firmwareMatch-

AND

lenovov130-15ikbMatch-

Node

lenovov310-15igm_firmwareMatch-

AND

lenovov310-15igmMatch-

Node

lenovov330-15igm_firmwareMatch-

AND

lenovov330-15igmMatch-

Node

lenovov330-15ikb_firmwareMatch-

AND

lenovov330-15ikbMatch-

Node

lenovov330-15isk_firmwareMatch-

AND

lenovov330-15iskMatch-

Node

lenovov340-iil_firmwareMatch-

AND

lenovov340-iilMatch-

Node

lenovov340-iml_firmwareMatch-

AND

lenovov340-imlMatch-

Node

lenovov540s-13_firmwareMatch-

AND

lenovov540s-13Match-

Node

lenovo14iwl_firmwareMatch-

AND

lenovo14iwlMatch-

Node

lenovov730-13ikb_firmwareMatch-

AND

lenovov730-13ikbMatch-

Node

lenovov730-13isk_firmwareMatch-

AND

lenovov730-13iskMatch-

Node

lenovov730-15ikb_firmwareMatch-

AND

lenovov730-15ikbMatch-

Node

lenovowei5-15ikb_firmwareMatch-

AND

lenovowei5-15ikbMatch-

Node

lenovoxiaoxin_14-ast_qc_2019_firmwareMatch-

AND

lenovoxiaoxin_14-ast_qc_2019Match-

Node

lenovoxx-14api_qc_2019_firmwareMatch-

AND

lenovoxx-14api_qc_2019Match-

Node

lenovoyoga_s730-13iwl_firmwareMatch-

AND

lenovoyoga_s730-13iwlMatch-

Node

lenovoyoga_s940-14iwl_firmwareMatch-

AND

lenovoyoga_s940-14iwlMatch-

Node

lenovo6_pro-13-iwl_firmwareMatch-

AND

lenovo6_pro-13-iwlMatch-

Node

lenovo6_pro-14-iwl_firmwareMatch-

AND

lenovo6_pro-14-iwlMatch-

Node

lenovoe53-80_firmwareMatch-

AND

lenovoe53-80Match-

Node

lenovok3_firmwareMatch-

AND

lenovok3Match-

Node

lenovok4-iwl_firmwareMatch-

AND

lenovok4-iwlMatch-

CPENameOperatorVersion
lenovo:330-14ast_firmwarelenovo 330-14ast firmwareeq-

CPE	Name	Operator	Version
lenovo:330-14ast_firmware	lenovo 330-14ast firmware	eq	-

CNA Affected

[
  {
    "product": "BIOS",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-30042

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2020-8322

prion1 cvelist1 nvd1 lenovo1