Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-8336

Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.

Published

2020-06-09T20:15:22.693

Last Modified

2024-11-21T05:38:44.077

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.4 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	thinkpad_e14_firmware	< 2020-07-10	Yes
Hardware	lenovo	thinkpad_e14	-	No
Operating System	lenovo	thinkpad_e15_firmware	< 2020-07-10	Yes
Hardware	lenovo	thinkpad_e15	-	No
Operating System	lenovo	thinkpad_r14_firmware	< 2020-07-10	Yes
Hardware	lenovo	thinkpad_r14	-	No
Operating System	lenovo	thinkpad_s3_gen_2_firmware	< 2020-07-10	Yes
Hardware	lenovo	thinkpad_s3_gen_2	-	No
Operating System	lenovo	thinkpad_e490s_firmware	< 2020-07-10	Yes
Hardware	lenovo	thinkpad_e490s	-	No
Operating System	lenovo	thinkpad_s3_firmware	< 2020-07-10	Yes
Hardware	lenovo	thinkpad_s3	-	No
Operating System	lenovo	thinkpad_e490_firmware	< 2020-07-10	Yes
Hardware	lenovo	thinkpad_e490	-	No
Operating System	lenovo	thinkpad_e590_firmware	< 2020-07-10	Yes
Hardware	lenovo	thinkpad_e590	-	No
Operating System	lenovo	thinkpad_r490_firmware	< 2020-07-10	Yes
Hardware	lenovo	thinkpad_r490	-	No
Operating System	lenovo	thinkpad_r590_firmware	< 2020-07-10	Yes
Hardware	lenovo	thinkpad_r590	-	No
Operating System	lenovo	thinkpad_l13_1st_gen_firmware	< 2020-07-10	Yes
Hardware	lenovo	thinkpad_l13_1st_gen	-	No
Operating System	lenovo	thinkpad_l1415_gen_1_firmware	< 2020-07-10	Yes
Hardware	lenovo	thinkpad_l1415_gen_1	-	No
Operating System	lenovo	thinkpad_l390_yoga_firmware	< 2020-07-10	Yes
Hardware	lenovo	thinkpad_l390_yoga	-	No
Operating System	lenovo	thinkpad_s2_yoga_4th_gen_firmware	< 2020-07-10	Yes
Hardware	lenovo	thinkpad_s2_yoga_4th_gen	-	No
Operating System	lenovo	thinkpad_l490_firmware	< 2020-07-10	Yes
Hardware	lenovo	thinkpad_l490	-	No
Operating System	lenovo	thinkpad_l590_firmware	< 2020-07-10	Yes
Hardware	lenovo	thinkpad_l590	-	No
Operating System	lenovo	thinkpad_p1_\(20mx\)_firmware	< n2eet47w	Yes
Hardware	lenovo	thinkpad_p1_\(20mx\)	-	No
Operating System	lenovo	thinkpad_p1_\(20qx\)_firmware	< n2oet44w	Yes
Hardware	lenovo	thinkpad_p1_\(20qx\)	-	No
Operating System	lenovo	thinkpad_p43s_\(20rx\)_firmware	< n2iet88w	Yes
Hardware	lenovo	thinkpad_p43s_\(20rx\)	-	No
Operating System	lenovo	thinkpad_p52_\(20mx\)_firmware	< n2cet51w-1.34	Yes
Hardware	lenovo	thinkpad_p52_\(20mx\)	-	No
Operating System	lenovo	thinkpad_p53_\(20qx\)_firmware	< n2net37w	Yes
Hardware	lenovo	thinkpad_p53_\(20qx\)	-	No
Operating System	lenovo	thinkpad_p53s_\(20nx\)_firmware	< n2iet88w	Yes
Hardware	lenovo	thinkpad_p53s_\(20nx\)	-	No
Operating System	lenovo	thinkpad_p72_\(20mx\)_firmware	< n2cet51w	Yes
Hardware	lenovo	thinkpad_p72_\(20mx\)	-	No
Operating System	lenovo	thinkpad_p73_\(20qx\)_firmware	< n2net37w	Yes
Hardware	lenovo	thinkpad_p73_\(20qx\)	-	No
Operating System	lenovo	thinkpad_t490_\(20nx\)_firmware	< n2iet88w	Yes
Hardware	lenovo	thinkpad_t490_\(20nx\)	-	No
Operating System	lenovo	thinkpad_t490_\(20qx\)_firmware	< n2iet88w	Yes
Hardware	lenovo	thinkpad_t490_\(20qx\)	-	No
Operating System	lenovo	thinkpad_t490_\(20rx\)_firmware	< n2iet88w	Yes
Hardware	lenovo	thinkpad_t490_\(20rx\)	-	No
Operating System	lenovo	thinkpad_t490s_\(20nx\)_firmware	< n2jet87w	Yes
Hardware	lenovo	thinkpad_t490s_\(20nx\)	-	No
Operating System	lenovo	thinkpad_t590_\(20nx\)_firmware	< n2iet88w	Yes
Hardware	lenovo	thinkpad_t590_\(20nx\)	-	No
Operating System	lenovo	thinkpad_x1_carbon_\(20qx\)_firmware	< n2het47w	Yes
Hardware	lenovo	thinkpad_x1_carbon_\(20qx\)	-	No
Operating System	lenovo	thinkpad_x1_carbon_\(20rx\)_firmware	< n2het47w	Yes
Hardware	lenovo	thinkpad_x1_carbon_\(20rx\)	-	No
Operating System	lenovo	thinkpad_x1_extreme_\(20mx\)_firmware	< n2eet47w	Yes
Hardware	lenovo	thinkpad_x1_extreme_\(20mx\)	-	No
Operating System	lenovo	thinkpad_x1_extreme_\(20qx\)_firmware	< n2oet44w	Yes
Hardware	lenovo	thinkpad_x1_extreme_\(20qx\)	-	No
Operating System	lenovo	thinkpad_x1_yoga_\(20qx\)_firmware	< n2het47w	Yes
Hardware	lenovo	thinkpad_x1_yoga_\(20qx\)	-	No
Operating System	lenovo	thinkpad_x1_yoga_\(20sx\)_firmware	< n2het47w	Yes
Hardware	lenovo	thinkpad_x1_yoga_\(20sx\)	-	No
Operating System	lenovo	thinkpad_x390_\(20qx\)_firmware	< n2jet87w	Yes
Hardware	lenovo	thinkpad_x390_\(20qx\)	-	No
Operating System	lenovo	thinkpad_x390_\(20sx\)_firmware	< n2set18w	Yes
Hardware	lenovo	thinkpad_x390_\(20sx\)	-	No
Operating System	lenovo	thinkpad_x390_yoga_firmware	< n2let74w	Yes
Hardware	lenovo	thinkpad_x390_yoga	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-30042 Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-30042 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)