CVE-2020-8333 - Vulnerability Details

A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00038.

Key SSVC decision points have not yet been added.

Vendors	Products
Lenovo Subscribe	63 Subscribe 63 Firmware Subscribe H50-30g Subscribe H50-30g Firmware Subscribe M4500 Subscribe M4500 Firmware Subscribe M4550 Subscribe M4550 Firmware Subscribe Qitian 4500 Subscribe Qitian 4500 Firmware Subscribe Qitian B4550 Subscribe Qitian B4550 Firmware Subscribe Qitian M4550 Subscribe Qitian M4550 Firmware Subscribe Thinkcentre E73 Subscribe Thinkcentre E73 Firmware Subscribe Thinkcentre E73s Subscribe Thinkcentre E73s Firmware Subscribe Thinkcentre E93 Subscribe Thinkcentre E93 Firmware Subscribe Thinkcentre M4500k Subscribe Thinkcentre M4500k Firmware Subscribe Thinkcentre M4500q Subscribe Thinkcentre M4500q Firmware Subscribe Thinkcentre M4500s Subscribe Thinkcentre M4500s Firmware Subscribe Thinkcentre M4500t Subscribe Thinkcentre M4500t Firmware Subscribe Thinkcentre M9350z Subscribe Thinkcentre M9350z Firmware Subscribe Thinkcentre M93z Subscribe Thinkcentre M93z Firmware Subscribe Thinkstation C30 Subscribe Thinkstation C30 Firmware Subscribe Thinkstation D30 Subscribe Thinkstation D30 Firmware Subscribe Thinkstation E32 Subscribe Thinkstation E32 Firmware Subscribe Thinkstation P300 Subscribe Thinkstation P300 Firmware Subscribe Thinkstation S30 Subscribe Thinkstation S30 Firmware Subscribe Yangtian Afh81 Subscribe Yangtian Afh81 Firmware Subscribe Yangtian Mc H81 Subscribe Yangtian Mc H81 Firmware Subscribe Yangtian Mf H81 Pci Subscribe Yangtian Mf H81 Pci Firmware Subscribe Yangtian Tc H81 Pci Subscribe Yangtian Tc H81 Pci Firmware Subscribe Yangtian Wcc H81 Pci Subscribe Yangtian Wcc H81 Pci Firmware Subscribe Yangtian Wf H81 Pci Subscribe Yangtian Wf H81 Pci Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:63_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:63:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:h50-30g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:h50-30g:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:m4500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:m4500:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:m4550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:m4550:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:lenovo:qitian_4500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:qitian_4500:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:lenovo:qitian_b4550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:qitian_b4550:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:lenovo:qitian_m4550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:qitian_m4550:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_e73_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_e73:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_e73s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_e73s:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_e93_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_e93:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m4500k_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m4500k:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m4500q_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m4500q:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m4500t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m4500t:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m4500s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m4500s:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:lenovo:yangtian_afh81_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yangtian_afh81:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:lenovo:yangtian_mc_h81_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yangtian_mc_h81:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:lenovo:yangtian_mf_h81_pci_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yangtian_mf_h81_pci:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:lenovo:yangtian_wf_h81_pci_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yangtian_wf_h81_pci:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lenovo:yangtian_tc_h81_pci_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yangtian_tc_h81_pci:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:lenovo:yangtian_wcc_h81_pci_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yangtian_wcc_h81_pci:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m9350z_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m9350z:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m93z_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m93z:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:lenovo:thinkstation_c30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_c30:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:lenovo:thinkstation_d30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_d30:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:lenovo:thinkstation_e32_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_e32:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:lenovo:thinkstation_p300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_p300:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:lenovo:thinkstation_s30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_s30:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2020-29200	A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution

Fixes

Solution

Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.lenovo.com/us/en/product_security/LEN-30042

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2020-09-24T21:05:26.789032Z

Updated: 2024-09-16T17:38:49.850Z

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8333

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-09-24T21:15:15.873

Modified: 2024-11-21T05:38:43.713

Link: CVE-2020-8333

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-noinfo

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Projects

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object