CVE-2020-8323

MEDIUM | CVSS 6.7/10 | EPSS 0.31%

CVE-2020-8323 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution. EPSS estimates a 0.31% chance of exploitation in the next 30 days.

Description

A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.

Metrics

CVSS 3.1
6.7/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.31%

23.0th percentile

Probability of exploitation in the next 30 days.

Affected Software

| Vendor | Product | Versions |
| --- | --- | --- |
| Lenovo | 330-14ast Firmware | All versions |
| Lenovo | 330-15ast Firmware | All versions |
| Lenovo | 330-17ast Firmware | All versions |
| Lenovo | 340c-15api Firmware | All versions |
| Lenovo | 340c-15ast Firmware | All versions |
| Lenovo | 720s Touch-15ikb Firmware | All versions |
| Lenovo | 720s-15ikb Firmware | All versions |
| Lenovo | 730s-13iwl Firmware | All versions |
| Lenovo | C640-Iml Firmware | All versions |
| Lenovo | E42-80 Firmware | All versions |
| Lenovo | E52-80 Firmware | All versions |
| Lenovo | K22-80 Firmware | All versions |
| Lenovo | V720-12 Firmware | All versions |
| Lenovo | K32-80 Kbl Firmware | All versions |
| Lenovo | K32-80 Skl Firmware | All versions |
| Lenovo | Miix 720-12ikb Firmware | All versions |
| Lenovo | S145-14api Firmware | All versions |
| Lenovo | S145-14ast Firmware | All versions |
| Lenovo | S145-15api Firmware | All versions |
| Lenovo | S145-15ast Firmware | All versions |
| Lenovo | S540-13api Firmware | All versions |
| Lenovo | S750-Iil Firmware | All versions |
| Lenovo | S940-14iwl Firmware | All versions |
| Lenovo | Thinkbook 13s-Iwl Firmware | All versions |
| Lenovo | Thinkbook 14s-Iwl Firmware | All versions |
| Lenovo | V110-14ast Firmware | All versions |
| Lenovo | V110-14ikb Firmware | All versions |
| Lenovo | V110-15ast Firmware | All versions |
| Lenovo | V130-15igm Firmware | All versions |
| Lenovo | V130-15ikb Firmware | All versions |
| Lenovo | V310-15igm Firmware | All versions |
| Lenovo | V330-15igm Firmware | All versions |
| Lenovo | V330-15ikb Firmware | All versions |
| Lenovo | V330-15isk Firmware | All versions |
| Lenovo | V340-Iil Firmware | All versions |
| Lenovo | V340-Iml Firmware | All versions |
| Lenovo | V540s-13 Firmware | All versions |
| Lenovo | 14iwl Firmware | All versions |
| Lenovo | V730-13ikb Firmware | All versions |
| Lenovo | V730-13isk Firmware | All versions |
| Lenovo | V730-15ikb Firmware | All versions |
| Lenovo | Wei5-15ikb Firmware | All versions |
| Lenovo | Xiaoxin 14-Ast Qc 2019 Firmware | All versions |
| Lenovo | Xx-14api Qc 2019 Firmware | All versions |
| Lenovo | Yoga S730-13iwl Firmware | All versions |
| Lenovo | Yoga S940-14iwl Firmware | All versions |
| Lenovo | 6 Pro-13-Iwl Firmware | All versions |
| Lenovo | 6 Pro-14-Iwl Firmware | All versions |
| Lenovo | E53-80 Firmware | All versions |
| Lenovo | K3 Firmware | All versions |

Showing 50 of 172 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-8323?
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.
How severe is CVE-2020-8323?
CVE-2020-8323 has a CVSS score of 6.7/10 (MEDIUM severity). The EPSS model estimates a 0.31% probability of exploitation in the next 30 days.
How do I fix CVE-2020-8323?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.


Source: NVD / NIST