CVE-2020-8337 - Vulnerability Details

Description

An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.

Published: 2020-06-09

Score: 6.7 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Lenovo

Synaptics Smart Audio UWP App

affected

Version	Status	Constraints
`unspecified`	affected	< 1.0.83.0

Configuration 1 [-]

AND

cpe:2.3:a:synaptics:smart_audio_uwp:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lenovo:5-15ikb:-:::::::*
	cpe:2.3:h:lenovo:air-14_2019:-:::::::*
	cpe:2.3:h:lenovo:c340-14iwl:-:::::::*
	cpe:2.3:h:lenovo:flex-14iwl:-:::::::*
	cpe:2.3:h:lenovo:s540-14iwl:-:::::::*
	cpe:2.3:h:lenovo:s540-14iwl_touch:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_11e:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_13:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_a275:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_a285:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_a475:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_a485:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e450:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e450c:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e455:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e460:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e465:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e470:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e475:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e480:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e485:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e490:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e490s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e540:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e545:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e550:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e550c:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e555:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e560:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e565:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e570:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e575:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e580:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e585:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e590:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_edge_e440:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_edge_e445:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l380:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l380_yoga:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l390_yoga:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l440:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l450:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l460:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l470:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l480:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l540:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l580:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p1:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p40:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p53:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p73:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_r490:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_r590:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s1_3rd:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s1_yoga_12:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s2_yoga_3rd_gen:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s2_yoga_4th_gen:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s3:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s3-s440:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s3_3rd_gen:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s3_yoga_14:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s5:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t450:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t450s:-:::::::*
cpe:2.3:h:lenovo:thinkpad_t460:-:::::::*
cpe:2.3:h:lenovo:thinkpad_t460p:-:::::::*
cpe:2.3:h:lenovo:thinkpad_t470p:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x1_extreme:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x260:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x270:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x380_yoga:-:::::::*
cpe:2.3:h:lenovo:thinkpad_yoga_11e:-:::::::*
cpe:2.3:h:lenovo:thinkpad_yoga_11e_3rd_gen:-:::::::*
cpe:2.3:h:lenovo:thinkpad_yoga_11e_4th_gen:-:::::::*
cpe:2.3:h:lenovo:thinkpad_yoga_11e_5th_gen:-:::::::*
cpe:2.3:h:lenovo:thinkpad_yoga_14_460_s3:-:::::::*
cpe:2.3:h:lenovo:thinkpad_yoga_370:-:::::::*
cpe:2.3:h:lenovo:v130-15igm:-:::::::*
cpe:2.3:h:lenovo:v130-15ikb:-:::::::*
cpe:2.3:h:lenovo:v310-15igm:-:::::::*
cpe:2.3:h:lenovo:v330-15igm:-:::::::*
cpe:2.3:h:lenovo:yoga_14:-:::::::*

No data.

No data available yet.

Remediation

Vendor Solution

Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2020-29204	An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00046.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://support.lenovo.com/us/en/product_security/len-30707
https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf

History

No history.

Subscriptions

Lenovo 5-15ikb Air-14 2019 C340-14iwl Flex-14iwl S540-14iwl S540-14iwl Touch Thinkpad 11e Thinkpad 13 Thinkpad A275 Thinkpad A285 Thinkpad A475 Thinkpad A485 Thinkpad E450 Thinkpad E450c Thinkpad E455 Thinkpad E460 Thinkpad E465 Thinkpad E470 Thinkpad E475 Thinkpad E480 Thinkpad E485 Thinkpad E490 Thinkpad E490s Thinkpad E540 Thinkpad E545 Thinkpad E550 Thinkpad E550c Thinkpad E555 Thinkpad E560 Thinkpad E565 Thinkpad E570 Thinkpad E575 Thinkpad E580 Thinkpad E585 Thinkpad E590 Thinkpad Edge E440 Thinkpad Edge E445 Thinkpad L380 Thinkpad L380 Yoga Thinkpad L390 Yoga Thinkpad L440 Thinkpad L450 Thinkpad L460 Thinkpad L470 Thinkpad L480 Thinkpad L540 Thinkpad L580 Thinkpad P1 Thinkpad P40 Thinkpad P53 Thinkpad P73 Thinkpad R490 Thinkpad R590 Thinkpad S1 3rd Thinkpad S1 Yoga 12 Thinkpad S2 Yoga 3rd Gen Thinkpad S2 Yoga 4th Gen Thinkpad S3 Thinkpad S3-s440 Thinkpad S3 3rd Gen Thinkpad S3 Yoga 14 Thinkpad S5 Thinkpad T450 Thinkpad T450s Thinkpad T460 Thinkpad T460p Thinkpad T470p Thinkpad X1 Extreme Thinkpad X260 Thinkpad X270 Thinkpad X380 Yoga Thinkpad Yoga 11e Thinkpad Yoga 11e 3rd Gen Thinkpad Yoga 11e 4th Gen Thinkpad Yoga 11e 5th Gen Thinkpad Yoga 14 460 S3 Thinkpad Yoga 370 V130-15igm V130-15ikb V310-15igm V330-15igm Yoga 14

Synaptics Smart Audio Uwp

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2020-06-09T19:50:38.150Z

Updated: 2024-09-16T18:38:25.028Z

Reserved: 2020-01-28T00:00:00.000Z

Link: CVE-2020-8337

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-06-09T20:15:22.773

Modified: 2024-11-21T05:38:44.220

Link: CVE-2020-8337

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-428

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object