CVE-2020-8323

3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 84.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

122

Lenovo Thinkpad 11E Firmware Lenovo Thinkpad 11E Yoga GEN 6 Firmware Lenovo Thinkpad 13 2ND GEN Firmware +119 more

Timeline

PublishedJun 9

Latest updateMay 24

Description

A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages122 packages

▶NVDlenovo/thinkpad_13_firmware< 2020-07-10

▶NVDlenovo/thinkpad_p1_firmware< n2eet46w

▶NVDlenovo/thinkpad_s1_firmware< 2020-07-07

▶NVDlenovo/thinkpad_s3_firmware< 2020-07-10

▶NVDlenovo/thinkpad_s5_firmware< 2020-07-10

🔴Vulnerability Details

GHSA

GHSA-55j2-pfhw-fwf3: A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models↗2022-05-24

▶

CVEList

CVE-2020-8323: A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models↗2020-06-09

▶