**Lenovo Security Advisory:**LEN-43118
**Potential Impact:**Denial of service
**Severity:**High
**Scope of Impact:**Industry-wide
**CVE Identifier:**CVE-2020-12288, CVE-2020-12289, CVE-2020-12290, CVE-2020- 12291, CVE-2020-12292, CVE-2020-12293, CVE-2020-12294, CVE-2020- 12295, CVE-2020-12296
Summary Description:
Intel reported potential security vulnerabilities in some Intel Thunderbolt controllers that may allow denial of service.
Mitigation Strategy for Customers (what you should do to protect yourself):
Intel recommends updating Intel Thunderbolt controllers to the firmware version (or later) indicated in the Product Impact section below.
Intel will not be releasing mitigation for CVEID: CVE-2020-12289 and CVE-2020-12288 in Intel Thunderbolt 3 controllers JHL7540, JHL7340, JHL7440, DSL6340, DSL6540, JHL6240, JHL6540 and JHL6340. To recover from these issues a device power cycle is needed.
Intel has issued Product Discontinuation notices for the Intel DSL5520 & DSL5320 Thunderbolt 2 Controllers and Intel DSL6340 & DSL6540 Thunderbolt 3 Controllers and Intel recommends that users discontinue use at their earliest convenience.