Lenovo | LENOVO:PS500329-NOSID
Jun 04, 2020 - 8:26 p.m.

Multi-vendor BIOS Security Vulnerabilities (June 2020) - Lenovo Support US

2020-06-04 20:26:21
support.lenovo.com

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C

Lenovo Security Advisory: LEN-30042

Potential Impact: Privilege escalation, denial of service, information disclosure

Severity: High

Scope of Impact: Industry-wide

CVE Identifier: CVE-2020-0528, CVE-2020-0529, CVE-2020-8320, CVE-2020-8321, CVE-2020-8322, CVE-2020-8323, CVE-2020-8333, CVE-2020-8334, CVE-2020-8336, CVE-2019-14561, CVE-2019-14562

Summary Description:

When possible, Lenovo consolidates multiple BIOS security fixes and enhancements into as few updates as possible. The following vulnerabilities were reported by suppliers and researchers or were found during our regular internal testing. Not all products listed in the Product Impact section of this advisory were affected by every CVE summarized here.

AMI has released AMI Aptio V BIOS security enhancements. No CVEs available.

Intel reported potential security vulnerabilities in BIOS firmware for Intel Processors that may allow escalation of privilege and/or denial of service. INTEL-SA-00322: CVE-2020-0529, CVE-2020-0528

An internal shell was included in the BIOS image in some ThinkPad models that could allow escalation of privilege. CVE-2020-8320

A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. CVE-2020-8321

A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. CVE-2020-8322

A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution. CVE-2020-8323

A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution. CVE-2020-8333

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275, which may allow for unauthorized access. CVE-2020-8334

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285/A485/T495/T495s/X395 while the emergency-reset button is pressed, which may allow for unauthorized access. CVE-2020-8335

Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash. CVE-2020-8336

On Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in some Lenovo ThinkPad systems, the PRx registers are not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected. CVE-2020-8341

Phoenix has released security enhancements for Phoenix BIOS to fix SMI handler vulnerabilities. No CVEs available.

Multiple buffer validation vulnerabilities in TianoCore EDK II BIOS that could lead to denial of service. CVE-2019-14561, CVE-2019-14562
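
For the S3-resume PRx issue described above (CVE-2020-8341), the following added example, which is not part of Lenovo's advisory, compares PRx register snapshots taken before suspend and after resume and reports any range that lost write protection. The register layout (WPE in bit 31, RPE in bit 15, 15-bit base and limit fields in 4 KiB units) is an assumption based on Intel PCH SPI controller documentation and varies by chipset generation; the function names and snapshot values are constructed for illustration.

```python
from typing import Dict, List, NamedTuple

# Assumed Intel PCH SPI Protected Range (PRx) layout; confirm against the
# datasheet for the chipset being audited.
WPE = 1 << 31        # Write Protection Enable
RPE = 1 << 15        # Read Protection Enable
ADDR_MASK = 0x7FFF   # 15-bit base/limit fields, expressed in 4 KiB units


class ProtectedRange(NamedTuple):
    base: int              # first protected flash byte address
    limit: int             # last protected flash byte address
    write_protected: bool
    read_protected: bool


def decode_prx(value: int) -> ProtectedRange:
    """Decode one 32-bit PRx register value into addresses and flags."""
    base = (value & ADDR_MASK) << 12
    limit = (((value >> 16) & ADDR_MASK) << 12) | 0xFFF
    return ProtectedRange(base, limit, bool(value & WPE), bool(value & RPE))


def lost_write_protection(before: Dict[str, int], after: Dict[str, int]) -> List[str]:
    """Names of ranges write-protected before suspend but not fully after resume."""
    lost = []
    for name, raw in sorted(before.items()):
        old = decode_prx(raw)
        if not old.write_protected:
            continue  # range was never armed, so S3 cannot have cleared it
        new = decode_prx(after.get(name, 0))
        covered = (new.write_protected
                   and new.base <= old.base and new.limit >= old.limit)
        if not covered:
            lost.append(name)
    return lost


# Constructed sample snapshots (not taken from a real machine).
BEFORE_S3 = {"PR0": 0x8FFF0C00, "PR1": 0x00000000}        # 0xC00000-0xFFFFFF armed
AFTER_S3_CLEARED = {"PR0": 0x00000000, "PR1": 0x00000000}  # PRx not restored
AFTER_S3_SHRUNK = {"PR0": 0x8FFF0E00, "PR1": 0x00000000}   # restored, but smaller

if __name__ == "__main__":
    for label, snap in (("cleared", AFTER_S3_CLEARED), ("shrunk", AFTER_S3_SHRUNK)):
        print(label, lost_write_protection(BEFORE_S3, snap))
```

An empty result after resume means every range armed at boot is still covered; on an updated firmware the check should return an empty list for every snapshot pair.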

Mitigation Strategy for Customers (what you should do to protect yourself):

Update system firmware to the version (or newer) indicated for your model in the Product Impact section.
