Lenovo Security Advisory: LEN-31334
Potential Impact: Escalation of privilege
Severity: Medium
Scope of Impact: Industry-wide
CVE Identifier: CVE-2020-15596
Summary Description:
ALPS ALPINE reported a DLL search path vulnerability in the ALPS ALPINE Touchpad driver that could allow privilege escalation.
Mitigation Strategy for Customers (what you should do to protect yourself):
ALPS ALPINE recommends upgrading to the ALPS ALPINE Touchpad driver version (or newer) indicated for your model in the Product Impact section below.
Affected Products:
To download the version specified for your product below, follow these steps:
Navigate to the Drivers & Software support site for your product:
Lenovo also offers tools to assist with update management as an alternative to the manual steps described above. Refer to the following for additional help:
PC Products and Software: <https://support.lenovo.com/us/en/solutions/ht504759>
Server and Enterprise Software: <https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd> and <https://datacentersupport.lenovo.com/us/en/documents/lnvo-center>
Click below links to view affected products:
IdeaPad/Lenovo Notebook
ThinkPad
References:
ALPS ALPINE: <https://seclists.org/fulldisclosure/2020/Jul/30>
Revision History:
Revision
|
Date
|
Description
β|β|β
6 | 2020-10-12 | Updated ThinkPad
5 | 2020-09-10 | Updated Lenovo Notebook and ThinkPad
4 | 2020-08-31 | Updated ThinkPad
3 | 2020-08-14 | Updated Lenovo Notebook
2 | 2020-08-13 | Updated Lenovo Notebook and ThinkPad
1
|
2020-08-11
|
Initial release
For a complete list of all Lenovo Product Security Advisories, click here.
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an βas isβ basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.