CVE-2020-8333

Published: Sep 24, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution

Affected (27)

Products: Lenovo: 63 Firmware, H50 30g Firmware, M4500 Firmware, M4550 Firmware, Qitian 4500 Firmware, Qitian B4550 Firmware, Qitian M4550 Firmware, Thinkcentre E73 Firmware, Thinkcentre E73s Firmware, Thinkcentre E93 Firmware, Thinkcentre M4500k Firmware, Thinkcentre M4500q Firmware, Thinkcentre M4500t Firmware, Thinkcentre M4500s Firmware, Yangtian Afh81 Firmware, Yangtian Mc H81 Firmware, Yangtian Mf H81 Pci Firmware, Yangtian Wf H81 Pci Firmware, Yangtian Tc H81 Pci Firmware, Yangtian Wcc H81 Pci Firmware, Thinkcentre M9350z Firmware, Thinkcentre M93z Firmware, Thinkstation C30 Firmware, Thinkstation D30 Firmware, Thinkstation E32 Firmware, Thinkstation P300 Firmware, Thinkstation S30 Firmware

27 products

Qitian B4550 Firmware

Qitian M4550 Firmware

Thinkcentre E73 Firmware

Thinkcentre E73s Firmware

Thinkcentre E93 Firmware

Thinkcentre M4500k Firmware

Thinkcentre M4500q Firmware

Thinkcentre M4500t Firmware

Thinkcentre M4500s Firmware

Yangtian Afh81 Firmware

Yangtian Mc H81 Firmware

Yangtian Mf H81 Pci Firmware

Yangtian Wf H81 Pci Firmware

Yangtian Tc H81 Pci Firmware

Yangtian Wcc H81 Pci Firmware

Thinkcentre M9350z Firmware

Thinkcentre M93z Firmware

Thinkstation C30 Firmware

Thinkstation D30 Firmware

Thinkstation E32 Firmware

Thinkstation P300 Firmware

Thinkstation S30 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo 63 Firmware	Before fckt98a

Running on/with	Platform Versions
Lenovo 63	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo H50 30g Firmware	Before fckt98a

Running on/with	Platform Versions
Lenovo H50 30g	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo M4500 Firmware	Before fckt98a

Running on/with	Platform Versions
Lenovo M4500	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo M4550 Firmware	Before fckt98a

Running on/with	Platform Versions
Lenovo M4550	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Qitian 4500 Firmware	Before fckt98a

Running on/with	Platform Versions
Lenovo Qitian 4500	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Qitian B4550 Firmware	Before fckt98a

Running on/with	Platform Versions
Lenovo Qitian B4550	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Qitian M4550 Firmware	Before fckt98a

Running on/with	Platform Versions
Lenovo Qitian M4550	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre E73 Firmware	Before fckt98a

Running on/with	Platform Versions
Lenovo Thinkcentre E73	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre E73s Firmware	Before fckt98a

Running on/with	Platform Versions
Lenovo Thinkcentre E73s	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre E93 Firmware	Before fbktdea

Running on/with	Platform Versions
Lenovo Thinkcentre E93	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M4500k Firmware	Before fckt98a

Running on/with	Platform Versions
Lenovo Thinkcentre M4500k	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M4500q Firmware	Before fhkt85a

Running on/with	Platform Versions
Lenovo Thinkcentre M4500q	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M4500t Firmware	Before fckt98a

Running on/with	Platform Versions
Lenovo Thinkcentre M4500t	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M4500s Firmware	Before fckt98a

Running on/with	Platform Versions
Lenovo Thinkcentre M4500s	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Yangtian Afh81 Firmware	Before fckt98a

Running on/with	Platform Versions
Lenovo Yangtian Afh81	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Yangtian Mc H81 Firmware	Before fckt98a

Running on/with	Platform Versions
Lenovo Yangtian Mc H81	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Yangtian Mf H81 Pci Firmware	Before fckt98a

Running on/with	Platform Versions
Lenovo Yangtian Mf H81 Pci	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Yangtian Wf H81 Pci Firmware	Before fckt98a

Running on/with	Platform Versions
Lenovo Yangtian Wf H81 Pci	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Yangtian Tc H81 Pci Firmware	Before fckt98a

Running on/with	Platform Versions
Lenovo Yangtian Tc H81 Pci	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Yangtian Wcc H81 Pci Firmware	Before fckt98a

Running on/with	Platform Versions
Lenovo Yangtian Wcc H81 Pci	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M9350z Firmware	Before fekta2a

Running on/with	Platform Versions
Lenovo Thinkcentre M9350z	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M93z Firmware	Before fekta2a

Running on/with	Platform Versions
Lenovo Thinkcentre M93z	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation C30 Firmware	Before a3kt70a

Running on/with	Platform Versions
Lenovo Thinkstation C30	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation D30 Firmware	Before a3kt70a

Running on/with	Platform Versions
Lenovo Thinkstation D30	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation E32 Firmware	Before fbktdea

Running on/with	Platform Versions
Lenovo Thinkstation E32	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P300 Firmware	Before a2kt70a

Running on/with	Platform Versions
Lenovo Thinkstation P300	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation S30 Firmware	Before a2kt70a

Running on/with	Platform Versions
Lenovo Thinkstation S30	All versions

References (2)

https://support.lenovo.com/us/en/product_security/LEN-30042

Source: psirt@lenovo.com

PatchVendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-30042

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.