Intel Thunderbolt Controller Advisory - Lenovo Support NL

**Lenovo Security Advisory:**LEN-43118

**Potential Impact:**Denial of service

**Severity:**High

**Scope of Impact:**Industry-wide

**CVE Identifier:**CVE-2020-12288, CVE-2020-12289, CVE-2020-12290, CVE-2020- 12291, CVE-2020-12292, CVE-2020-12293, CVE-2020-12294, CVE-2020- 12295, CVE-2020-12296

Summary Description:

Intel reported potential security vulnerabilities in some Intel Thunderbolt controllers that may allow denial of service.

Mitigation Strategy for Customers (what you should do to protect yourself):

Intel recommends updating Intel Thunderbolt controllers to the firmware version (or later) indicated in the Product Impact section below.

Intel will not be releasing mitigation for CVEID: CVE-2020-12289 and CVE-2020-12288 in Intel Thunderbolt 3 controllers JHL7540, JHL7340, JHL7440, DSL6340, DSL6540, JHL6240, JHL6540 and JHL6340. To recover from these issues a device power cycle is needed.

Intel has issued Product Discontinuation notices for the Intel DSL5520 & DSL5320 Thunderbolt 2 Controllers and Intel DSL6340 & DSL6540 Thunderbolt 3 Controllers and Intel recommends that users discontinue use at their earliest convenience.