Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-8332

A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.

Published

2020-10-14T22:15:13.403

Last Modified

2024-11-21T05:38:43.570

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.4 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-367
Type: Primary
CWE-367

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	bladecenter_hs23_firmware	< tke170b	Yes
Hardware	lenovo	bladecenter_hs23	-	No
Operating System	lenovo	bladecenter_hs23e_firmware	< ahe172b	Yes
Hardware	lenovo	bladecenter_hs23e	-	No
Operating System	lenovo	compute_node-x440_firmware	< cge128a	Yes
Hardware	lenovo	compute_node-x440	-	No
Operating System	lenovo	flex_system_x220_firmware	< kse170b	Yes
Hardware	lenovo	flex_system_x220	-	No
Operating System	lenovo	flex_system_x240_firmware	< b2e172b	Yes
Hardware	lenovo	flex_system_x240	-	No
Operating System	lenovo	flex_system_x440_firmware	< cne172b	Yes
Hardware	lenovo	flex_system_x440	-	No
Operating System	lenovo	nextscale_nx360_m4_firmware	< fhe132b	Yes
Hardware	lenovo	nextscale_nx360_m4	-	No
Operating System	lenovo	system_x3300_m4_firmware	< yae166b	Yes
Hardware	lenovo	system_x3300_m4	-	No
Operating System	lenovo	system_x3500_m4_firmware	< y5e170b	Yes
Hardware	lenovo	system_x3500_m4	-	No
Operating System	lenovo	system_x3530_m4_firmware	< bee174b	Yes
Hardware	lenovo	system_x3530_m4	-	No
Operating System	lenovo	system_x3550_m4_firmware	< d7e174b	Yes
Hardware	lenovo	system_x3550_m4	-	No
Operating System	lenovo	system_x3630_m4_firmware	< bee174b	Yes
Hardware	lenovo	system_x3630_m4	-	No
Operating System	lenovo	system_x3650_m4_firmware	< vve172b	Yes
Hardware	lenovo	system_x3650_m4	-	No
Operating System	lenovo	system_x3650_m4_bd_firmware	< vve172b	Yes
Hardware	lenovo	system_x3650_m4_bd	-	No
Operating System	lenovo	system_x3650_m4_hd_firmware	< vve172b	Yes
Hardware	lenovo	system_x3650_m4_hd	-	No
Operating System	lenovo	system_x3750_m4_firmware	< a5e130a	Yes
Hardware	lenovo	system_x3750_m4	-	No
Operating System	lenovo	system_x3750_m4_firmware	< koe170b	Yes
Hardware	lenovo	system_x3750_m4	-	No
Operating System	lenovo	idataplex_dx360_m4_firmware	< tde168b	Yes
Hardware	lenovo	idataplex_dx360_m4	-	No
Operating System	lenovo	idataplex_dx360_m4_water_cooled_firmware	< tde168b	Yes
Hardware	lenovo	idataplex_dx360_m4_water_cooled	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-38625 Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-38625 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)