CVE-2020-8354Time-of-check Time-of-use (TOCTOU) Race Condition in Lenovo Bios

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition3 documents3 sources
Severity
6.7MEDIUMNVD
CNA6.4
EPSS
0.0%
top 90.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Lenovo Bios
Timeline
PublishedNov 11
Latest updateMay 24

Description

A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages1 packages

CVEListV5lenovo/biosunspecifiedvarious

🔴Vulnerability Details

2
GHSA
GHSA-g763-g64f-m23g: A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code e2022-05-24
CVEList
CVE-2020-8354: A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code e2020-11-11
CVE-2020-8354 — Lenovo Bios vulnerability | cvebase