Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-8337

An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.7, requiring local system access to exploit with relatively low complexity without requiring user interaction . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 83 products from synaptics, from lenovo, from lenovo and 80 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2020, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2020-06-09T20:15:22.773

Last Modified

2024-11-21T05:38:44.220

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-428
Type: Primary
CWE-428

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	synaptics	smart_audio_uwp	< 1.0.83.0	Yes
Hardware	lenovo	5-15ikb	-	No
Hardware	lenovo	air-14_2019	-	No
Hardware	lenovo	c340-14iwl	-	No
Hardware	lenovo	flex-14iwl	-	No
Hardware	lenovo	s540-14iwl	-	No
Hardware	lenovo	s540-14iwl_touch	-	No
Hardware	lenovo	thinkpad_11e	-	No
Hardware	lenovo	thinkpad_13	-	No
Hardware	lenovo	thinkpad_a275	-	No
Hardware	lenovo	thinkpad_a285	-	No
Hardware	lenovo	thinkpad_a475	-	No
Hardware	lenovo	thinkpad_a485	-	No
Hardware	lenovo	thinkpad_e450	-	No
Hardware	lenovo	thinkpad_e450c	-	No
Hardware	lenovo	thinkpad_e455	-	No
Hardware	lenovo	thinkpad_e460	-	No
Hardware	lenovo	thinkpad_e465	-	No
Hardware	lenovo	thinkpad_e470	-	No
Hardware	lenovo	thinkpad_e475	-	No
Hardware	lenovo	thinkpad_e480	-	No
Hardware	lenovo	thinkpad_e485	-	No
Hardware	lenovo	thinkpad_e490	-	No
Hardware	lenovo	thinkpad_e490s	-	No
Hardware	lenovo	thinkpad_e540	-	No
Hardware	lenovo	thinkpad_e545	-	No
Hardware	lenovo	thinkpad_e550	-	No
Hardware	lenovo	thinkpad_e550c	-	No
Hardware	lenovo	thinkpad_e555	-	No
Hardware	lenovo	thinkpad_e560	-	No
Hardware	lenovo	thinkpad_e565	-	No
Hardware	lenovo	thinkpad_e570	-	No
Hardware	lenovo	thinkpad_e575	-	No
Hardware	lenovo	thinkpad_e580	-	No
Hardware	lenovo	thinkpad_e585	-	No
Hardware	lenovo	thinkpad_e590	-	No
Hardware	lenovo	thinkpad_edge_e440	-	No
Hardware	lenovo	thinkpad_edge_e445	-	No
Hardware	lenovo	thinkpad_l380	-	No
Hardware	lenovo	thinkpad_l380_yoga	-	No
Hardware	lenovo	thinkpad_l390_yoga	-	No
Hardware	lenovo	thinkpad_l440	-	No
Hardware	lenovo	thinkpad_l450	-	No
Hardware	lenovo	thinkpad_l460	-	No
Hardware	lenovo	thinkpad_l470	-	No
Hardware	lenovo	thinkpad_l480	-	No
Hardware	lenovo	thinkpad_l540	-	No
Hardware	lenovo	thinkpad_l580	-	No
Hardware	lenovo	thinkpad_p1	-	No
Hardware	lenovo	thinkpad_p40	-	No
Hardware	lenovo	thinkpad_p53	-	No
Hardware	lenovo	thinkpad_p73	-	No
Hardware	lenovo	thinkpad_r490	-	No
Hardware	lenovo	thinkpad_r590	-	No
Hardware	lenovo	thinkpad_s1_3rd	-	No
Hardware	lenovo	thinkpad_s1_yoga_12	-	No
Hardware	lenovo	thinkpad_s2_yoga_3rd_gen	-	No
Hardware	lenovo	thinkpad_s2_yoga_4th_gen	-	No
Hardware	lenovo	thinkpad_s3	-	No
Hardware	lenovo	thinkpad_s3-s440	-	No
Hardware	lenovo	thinkpad_s3_3rd_gen	-	No
Hardware	lenovo	thinkpad_s3_yoga_14	-	No
Hardware	lenovo	thinkpad_s5	-	No
Hardware	lenovo	thinkpad_t450	-	No
Hardware	lenovo	thinkpad_t450s	-	No
Hardware	lenovo	thinkpad_t460	-	No
Hardware	lenovo	thinkpad_t460p	-	No
Hardware	lenovo	thinkpad_t470p	-	No
Hardware	lenovo	thinkpad_x1_extreme	-	No
Hardware	lenovo	thinkpad_x260	-	No
Hardware	lenovo	thinkpad_x270	-	No
Hardware	lenovo	thinkpad_x380_yoga	-	No
Hardware	lenovo	thinkpad_yoga_11e	-	No
Hardware	lenovo	thinkpad_yoga_11e_3rd_gen	-	No
Hardware	lenovo	thinkpad_yoga_11e_4th_gen	-	No
Hardware	lenovo	thinkpad_yoga_11e_5th_gen	-	No
Hardware	lenovo	thinkpad_yoga_14_460_s3	-	No
Hardware	lenovo	thinkpad_yoga_370	-	No
Hardware	lenovo	v130-15igm	-	No
Hardware	lenovo	v130-15ikb	-	No
Hardware	lenovo	v310-15igm	-	No
Hardware	lenovo	v330-15igm	-	No
Hardware	lenovo	yoga_14	-	No

References

https://support.lenovo.com/us/en/product_security/len-30707 Vendor Advisory ([email protected])
https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/len-30707 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For synaptics's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.