CVE-2020-8341

Published: Sep 1, 2020Modified: Nov 21, 2024

2.4

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 0.9 / Impact: 1.4

Source: NVD

Description

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.

Affected (10)

Products: Lenovo: Thinkpad T490 (20nx) Firmware, Thinkpad T490 (20qx) Firmware, Thinkpad T490 (20rx) Firmware, Thinkpad T490s (20nx) Firmware, Thinkpad T495 Drift Firmware, Thinkpad T590 (20nx) Firmware, Thinkpad X1 Carbon (20qx) Firmware, Thinkpad X1 Yoga (20qx) Firmware, Thinkpad X390 (20qx) Firmware, Thinkpad X390 (20sx) Firmware

Lenovo

10 products

Thinkpad T490 (20nx) Firmware

Thinkpad T490 (20qx) Firmware

Thinkpad T490 (20rx) Firmware

Thinkpad T490s (20nx) Firmware

Thinkpad T495 Drift Firmware

Thinkpad T590 (20nx) Firmware

Thinkpad X1 Carbon (20qx) Firmware

Thinkpad X1 Yoga (20qx) Firmware

Thinkpad X390 (20qx) Firmware

Thinkpad X390 (20sx) Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkpad T490 (20nx) Firmware	Before n2iet90w

Running on/with	Platform Versions
Lenovo Thinkpad T490 (20nx)	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkpad T490 (20qx) Firmware	Before n2iet90w

Running on/with	Platform Versions
Lenovo Thinkpad T490 (20qx)	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkpad T490 (20rx) Firmware	Before n2ret16w

Running on/with	Platform Versions
Lenovo Thinkpad T490 (20rx)	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkpad T490s (20nx) Firmware	Before n2jet89w

Running on/with	Platform Versions
Lenovo Thinkpad T490s (20nx)	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkpad T495 Drift Firmware	Before 2020-08-30

Running on/with	Platform Versions
Lenovo Thinkpad T495 Drift	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkpad T590 (20nx) Firmware	Before n2iet90w

Running on/with	Platform Versions
Lenovo Thinkpad T590 (20nx)	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkpad X1 Carbon (20qx) Firmware	Before n2het54w

Running on/with	Platform Versions
Lenovo Thinkpad X1 Carbon (20qx)	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkpad X1 Yoga (20qx) Firmware	Before n2het54w

Running on/with	Platform Versions
Lenovo Thinkpad X1 Yoga (20qx)	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkpad X390 (20qx) Firmware	Before n2jet89w

Running on/with	Platform Versions
Lenovo Thinkpad X390 (20qx)	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkpad X390 (20sx) Firmware	Before n2set18w

Running on/with	Platform Versions
Lenovo Thinkpad X390 (20sx)	All versions

References (2)

https://support.lenovo.com/us/en/product_security/LEN-30042

Source: psirt@lenovo.com

Vendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-30042

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.