CVE-2020-8341 — Lenovo Thinkpad T490 Firmware vulnerability

3 documents3 sources

Severity

2.4LOWNVD

EPSS

0.1%

top 81.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Thinkpad T490 Firmware Lenovo Thinkpad T490s Firmware Lenovo Thinkpad T495 Drift Firmware +5 more

Timeline

PublishedSep 1

Latest updateMay 24

Description

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages8 packages

▶NVDlenovo/thinkpad_t490_firmware< n2iet90w+1

▶NVDlenovo/thinkpad_t590_firmware< n2iet90w

▶NVDlenovo/thinkpad_x390_firmware< n2jet89w+1

▶NVDlenovo/thinkpad_t490s_firmware< n2jet89w

▶NVDlenovo/thinkpad_x1_yoga_firmware< n2het54w

🔴Vulnerability Details

GHSA

GHSA-f46h-7c54-hvw7: In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash↗2022-05-24

▶

CVEList

CVE-2020-8341: In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash↗2020-09-01

▶