A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Lenovo
  • 63
  • 63 Firmware
  • H50-30g
  • H50-30g Firmware
  • M4500
  • M4500 Firmware
  • M4550
  • M4550 Firmware
  • Qitian 4500
  • Qitian 4500 Firmware
  • Qitian B4550
  • Qitian B4550 Firmware
  • Qitian M4550
  • Qitian M4550 Firmware
  • Thinkcentre E73
  • Thinkcentre E73 Firmware
  • Thinkcentre E73s
  • Thinkcentre E73s Firmware
  • Thinkcentre E93
  • Thinkcentre E93 Firmware
  • Thinkcentre M4500k
  • Thinkcentre M4500k Firmware
  • Thinkcentre M4500q
  • Thinkcentre M4500q Firmware
  • Thinkcentre M4500s
  • Thinkcentre M4500s Firmware
  • Thinkcentre M4500t
  • Thinkcentre M4500t Firmware
  • Thinkcentre M9350z
  • Thinkcentre M9350z Firmware
  • Thinkcentre M93z
  • Thinkcentre M93z Firmware
  • Thinkstation C30
  • Thinkstation C30 Firmware
  • Thinkstation D30
  • Thinkstation D30 Firmware
  • Thinkstation E32
  • Thinkstation E32 Firmware
  • Thinkstation P300
  • Thinkstation P300 Firmware
  • Thinkstation S30
  • Thinkstation S30 Firmware
  • Yangtian Afh81
  • Yangtian Afh81 Firmware
  • Yangtian Mc H81
  • Yangtian Mc H81 Firmware
  • Yangtian Mf H81 Pci
  • Yangtian Mf H81 Pci Firmware
  • Yangtian Tc H81 Pci
  • Yangtian Tc H81 Pci Firmware
  • Yangtian Wcc H81 Pci
  • Yangtian Wcc H81 Pci Firmware
  • Yangtian Wf H81 Pci
  • Yangtian Wf H81 Pci Firmware

Configuration 1 [-]

AND
cpe:2.3:h:lenovo:63:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:63_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:h:lenovo:h50-30g:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:h50-30g_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:h:lenovo:m4500:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:m4500_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:h:lenovo:m4550:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:m4550_firmware:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:h:lenovo:qitian_4500:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:qitian_4500_firmware:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:h:lenovo:qitian_b4550:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:qitian_b4550_firmware:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:h:lenovo:qitian_m4550:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:qitian_m4550_firmware:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:h:lenovo:thinkcentre_e73:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:thinkcentre_e73_firmware:*:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:lenovo:thinkcentre_e73s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkcentre_e73s:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:lenovo:thinkcentre_e93_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkcentre_e93:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:lenovo:thinkcentre_m4500k_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkcentre_m4500k:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:lenovo:thinkcentre_m4500q_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkcentre_m4500q:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:lenovo:thinkcentre_m4500t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkcentre_m4500t:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:lenovo:thinkcentre_m4500s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkcentre_m4500s:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:lenovo:yangtian_afh81_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:yangtian_afh81:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:lenovo:yangtian_mc_h81_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:yangtian_mc_h81:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:lenovo:yangtian_mf_h81_pci_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:yangtian_mf_h81_pci:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:lenovo:yangtian_wf_h81_pci_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:yangtian_wf_h81_pci:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:lenovo:yangtian_tc_h81_pci_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:yangtian_tc_h81_pci:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:lenovo:yangtian_wcc_h81_pci_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:yangtian_wcc_h81_pci:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:lenovo:thinkcentre_m9350z_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkcentre_m9350z:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:o:lenovo:thinkcentre_m93z_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkcentre_m93z:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND
cpe:2.3:o:lenovo:thinkstation_c30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkstation_c30:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND
cpe:2.3:h:lenovo:thinkstation_d30:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:thinkstation_d30_firmware:*:*:*:*:*:*:*:*

Configuration 25 [-]

AND
cpe:2.3:o:lenovo:thinkstation_e32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkstation_e32:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND
cpe:2.3:o:lenovo:thinkstation_p300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkstation_p300:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND
cpe:2.3:o:lenovo:thinkstation_s30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkstation_s30:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://support.lenovo.com/us/en/product_security/LEN-30042 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2020-09-24T21:05:26.789032Z

Updated: 2024-09-16T17:38:49.850Z

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8333

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2020-09-24T21:15:15.873

Modified: 2020-10-07T01:15:43.870

Link: CVE-2020-8333

cve-icon Redhat

No data.