CVE-2020-8321

Name: CVE-2020-8321
Creator: NVD / NIST
Published: 2020-06-09T20:15:22.24+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.7/10EPSS 0.33%

Last modified Jun 17, 2026

CVE-2020-8321 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.. EPSS estimates a 0.33% chance of exploitation in the next 30 days.

Description

A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.

Metrics

CVSS 3.1

6.7/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.33%

24.8th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Lenovo	130-14ast Firmware	All versions
Lenovo	130-14ikb Firmware	All versions
Lenovo	130-15ast Firmware	All versions
Lenovo	130-15ikb Firmware	All versions
Lenovo	320c-15ikb Firmware	All versions
Lenovo	330-14igm Firmware	All versions
Lenovo	330-14ikb Firmware	All versions
Lenovo	330-14ikbr Firmware	All versions
Lenovo	330-15arr Firmware	All versions
Lenovo	330-15arr Touch Firmware	All versions
Lenovo	330-15ich Firmware	All versions
Lenovo	330-15igm Firmware	All versions
Lenovo	330-15ikb Firmware	All versions
Lenovo	330-15ikbr Firmware	All versions
Lenovo	330-15ikbr Touch Firmware	All versions
Lenovo	330-17ich Firmware	All versions
Lenovo	330-17ikb Firmware	All versions
Lenovo	330-17ikbr Firmware	All versions
Lenovo	330c-14ikb Firmware	All versions
Lenovo	330c-15ikb Firmware	All versions
Lenovo	330c-15ikbr Firmware	All versions
Lenovo	340c-15igm Firmware	All versions
Lenovo	340c-15ikb Firmware	All versions
Lenovo	340c-15iwl Firmware	All versions
Lenovo	530s-14iwl Firmware	All versions
Lenovo	530s-15iwl Firmware	All versions
Lenovo	530s-14arr Firmware	All versions
Lenovo	530s-14ikb Firmware	All versions
Lenovo	530s-15ikb Firmware	All versions
Lenovo	720s-13arr Firmware	All versions
Lenovo	720s-14ikbr Firmware	All versions
Lenovo	C340-14api Firmware	All versions
Lenovo	C340-14iml Firmware	All versions
Lenovo	C340-14iwl Firmware	All versions
Lenovo	C340-15iil Firmware	All versions
Lenovo	C340-15iml Firmware	All versions
Lenovo	C340-15iwl Firmware	All versions
Lenovo	D330-10igm Firmware	All versions
Lenovo	D335-10igm Firmware	All versions
Lenovo	E4-14arr Firmware	All versions
Lenovo	Flex 6-14arr Firmware	All versions
Lenovo	Flex 6-14ikb Firmware	All versions
Lenovo	Flex-14iwl Firmware	All versions
Lenovo	Flex-15iwl Firmware	All versions
Lenovo	Ideapad 3 14 Firmware	All versions
Lenovo	Ideapad 3 15 Firmware	All versions
Lenovo	Ideapad 3 17iml05 Firmware	All versions
Lenovo	Ideapad 3 15iil05 Firmware	All versions
Lenovo	Ideapad 3 14iil05 Firmware	All versions
Lenovo	Ideapad 5 15iil05 Firmware	All versions

Showing 50 of 172 affected configurations. See NVD for the full list.

References

https://support.lenovo.com/us/en/product_security/LEN-30042Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-30042Vendor Advisory

Timeline

Published: Jun 9, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-8321?

A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.

How severe is CVE-2020-8321?

CVE-2020-8321 has a CVSS score of 6.7/10 (MEDIUM severity). The EPSS model estimates a 0.33% probability of exploitation in the next 30 days.

How do I fix CVE-2020-8321?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-8321?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST