7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
Lenovo Security Advisory: LEN-30042
Potential Impact: Privilege escalation, denial of service, information disclosure
Severity: High
Scope of Impact: Industry-wide
CVE Identifier: CVE-2020-0528, CVE-2020-0529, CVE-2020-8320, CVE-2020-8321, CVE-2020-8322, CVE-2020-8323, CVE-2020-8333, CVE-2020-8334 , CVE-2020-8336, CVE-2019-14561, CVE-2019-14562
Summary Description:
When possible, Lenovo consolidates multiple BIOS security fixes and enhancements into as few updates as possible. The following list of vulnerabilities were reported by suppliers and researchers or were found during our regular internal testing. Not all products listed in the Product Impact section of this advisory were affected by every CVE summarized here.
AMI has released AMI Aptio V BIOS security enhancements. No CVEs available.
Intel reported potential security vulnerabilities in BIOS firmware for Intel Processors that may allow escalation of privilege and/or denial of service. INTEL-SA-00322: CVE-2020-0529, CVE-2020-0528
An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. CVE-2020-8320
A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. CVE-2020-8321
A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. CVE-2020-8322
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution. CVE-2020-8323
A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution. CVE-2020-8333
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access. CVE-2020-8334
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285/A485/T495/T495s/X395 while the emergency-reset button is pressed which may allow for unauthorized access. CVE-2020-8335
Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash. CVE-2020-8336โ
In Lenovo, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected. CVE-2020-8341
Phoenix has released security enhancements for Phoenix BIOS to fix SMI handler vulnerabilities. No CVEs available
Multiple buffer validation vulnerabilities in TianoCore EDK II BIOS that could lead to denial of service. CVE-2019-14561, CVE-2019-14562
Mitigation Strategy for Customers (what you should do to protect yourself):
Update system firmware to the version (or newer) indicated for your model in the Product Impact section.
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C