CVE-2020-8322

A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
lenovo330-14ast_firmware
-
lenovo330-15ast_firmware
-
lenovo330-17ast_firmware
-
lenovo340c-15api_firmware
-
lenovo340c-15ast_firmware
-
lenovo720s_touch-15ikb_firmware
-
lenovo720s-15ikb_firmware
-
lenovo730s-13iwl_firmware
-
lenovoc640-iml_firmware
-
lenovoe42-80_firmware
-
lenovoe52-80_firmware
-
lenovok22-80_firmware
-
lenovov720-12_firmware
-
lenovok32-80_kbl_firmware
-
lenovok32-80_skl_firmware
-
lenovomiix_720-12ikb_firmware
-
lenovos145-14api_firmware
-
lenovos145-14ast_firmware
-
lenovos145-15api_firmware
-
lenovos145-15ast_firmware
-
lenovos540-13api_firmware
-
lenovos750-iil_firmware
-
lenovos940-14iwl_firmware
-
lenovothinkbook_13s-iwl_firmware
-
lenovothinkbook_14s-iwl_firmware
-
lenovov110-14ast_firmware
-
lenovov110-14ikb_firmware
-
lenovov110-15ast_firmware
-
lenovov130-15igm_firmware
-
lenovov130-15ikb_firmware
-
lenovov310-15igm_firmware
-
lenovov330-15igm_firmware
-
lenovov330-15ikb_firmware
-
lenovov330-15isk_firmware
-
lenovov340-iil_firmware
-
lenovov340-iml_firmware
-
lenovov540s-13_firmware
-
lenovo14iwl_firmware
-
lenovov730-13ikb_firmware
-
lenovov730-13isk_firmware
-
lenovov730-15ikb_firmware
-
lenovowei5-15ikb_firmware
-
lenovoxiaoxin_14-ast_qc_2019_firmware
-
lenovoxx-14api_qc_2019_firmware
-
lenovoyoga_s730-13iwl_firmware
-
lenovoyoga_s940-14iwl_firmware
-
lenovo6_pro-13-iwl_firmware
-
lenovo6_pro-14-iwl_firmware
-
lenovoe53-80_firmware
-
lenovok3_firmware
-
lenovok4-iwl_firmware
-
𝑥
= Vulnerable software versions
References
https://support.lenovo.com/us/en/product_security/LEN-30042
https://support.lenovo.com/us/en/product_security/LEN-30042