CVE-2020-8336

3 documents3 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 83.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Thinkpad E14 Firmware Lenovo Thinkpad E15 Firmware Lenovo Thinkpad E490 Firmware +36 more

Timeline

PublishedJun 9

Latest updateMay 24

Description

Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages39 packages

▶NVDlenovo/thinkpad_s3_firmware< 2020-07-10

▶NVDlenovo/thinkpad_e14_firmware< 2020-07-10

▶NVDlenovo/thinkpad_e15_firmware< 2020-07-10

▶NVDlenovo/thinkpad_r14_firmware< 2020-07-10

▶NVDlenovo/thinkpad_e490_firmware< 2020-07-10

🔴Vulnerability Details

GHSA

GHSA-rmxg-p4v2-9f92: Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash↗2022-05-24

▶

CVEList

CVE-2020-8336: Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash↗2020-06-09

▶