CVE-2020-8333 - Vulnerability Details

A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00038.

Key SSVC decision points have not yet been added.

Vendors	Products
Lenovo	63 63 Firmware H50-30g H50-30g Firmware M4500 M4500 Firmware M4550 M4550 Firmware Qitian 4500 Qitian 4500 Firmware Qitian B4550 Qitian B4550 Firmware Qitian M4550 Qitian M4550 Firmware Thinkcentre E73 Thinkcentre E73 Firmware Thinkcentre E73s Thinkcentre E73s Firmware Thinkcentre E93 Thinkcentre E93 Firmware Thinkcentre M4500k Thinkcentre M4500k Firmware Thinkcentre M4500q Thinkcentre M4500q Firmware Thinkcentre M4500s Thinkcentre M4500s Firmware Thinkcentre M4500t Thinkcentre M4500t Firmware Thinkcentre M9350z Thinkcentre M9350z Firmware Thinkcentre M93z Thinkcentre M93z Firmware Thinkstation C30 Thinkstation C30 Firmware Thinkstation D30 Thinkstation D30 Firmware Thinkstation E32 Thinkstation E32 Firmware Thinkstation P300 Thinkstation P300 Firmware Thinkstation S30 Thinkstation S30 Firmware Yangtian Afh81 Yangtian Afh81 Firmware Yangtian Mc H81 Yangtian Mc H81 Firmware Yangtian Mf H81 Pci Yangtian Mf H81 Pci Firmware Yangtian Tc H81 Pci Yangtian Tc H81 Pci Firmware Yangtian Wcc H81 Pci Yangtian Wcc H81 Pci Firmware Yangtian Wf H81 Pci Yangtian Wf H81 Pci Firmware

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:63_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:63:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:h50-30g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:h50-30g:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:m4500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:m4500:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:m4550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:m4550:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:lenovo:qitian_4500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:qitian_4500:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:lenovo:qitian_b4550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:qitian_b4550:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:lenovo:qitian_m4550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:qitian_m4550:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_e73_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_e73:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_e73s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_e73s:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_e93_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_e93:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m4500k_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m4500k:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m4500q_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m4500q:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m4500t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m4500t:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m4500s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m4500s:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:lenovo:yangtian_afh81_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yangtian_afh81:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:lenovo:yangtian_mc_h81_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yangtian_mc_h81:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:lenovo:yangtian_mf_h81_pci_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yangtian_mf_h81_pci:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:lenovo:yangtian_wf_h81_pci_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yangtian_wf_h81_pci:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lenovo:yangtian_tc_h81_pci_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yangtian_tc_h81_pci:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:lenovo:yangtian_wcc_h81_pci_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yangtian_wcc_h81_pci:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m9350z_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m9350z:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m93z_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m93z:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:lenovo:thinkstation_c30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_c30:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:lenovo:thinkstation_d30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_d30:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:lenovo:thinkstation_e32_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_e32:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:lenovo:thinkstation_p300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_p300:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:lenovo:thinkstation_s30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_s30:-:*:*:*:*:*:*:*

No data.

Fixes

Solution

Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.lenovo.com/us/en/product_security/LEN-30042

History

No history.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2020-09-24T21:05:26.789032Z

Updated: 2024-09-16T17:38:49.850Z

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8333

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-09-24T21:15:15.873

Modified: 2024-11-21T05:38:43.713

Link: CVE-2020-8333

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object