Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-8341

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.

Published

2020-09-01T22:15:10.377

Last Modified

2024-11-21T05:38:44.680

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 2.4 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	thinkpad_t490_\(20nx\)_firmware	< n2iet90w	Yes
Hardware	lenovo	thinkpad_t490_\(20nx\)	-	No
Operating System	lenovo	thinkpad_t490_\(20qx\)_firmware	< n2iet90w	Yes
Hardware	lenovo	thinkpad_t490_\(20qx\)	-	No
Operating System	lenovo	thinkpad_t490_\(20rx\)_firmware	< n2ret16w	Yes
Hardware	lenovo	thinkpad_t490_\(20rx\)	-	No
Operating System	lenovo	thinkpad_t490s_\(20nx\)_firmware	< n2jet89w	Yes
Hardware	lenovo	thinkpad_t490s_\(20nx\)	-	No
Operating System	lenovo	thinkpad_t495_drift_firmware	< 2020-08-30	Yes
Hardware	lenovo	thinkpad_t495_drift	-	No
Operating System	lenovo	thinkpad_t590_\(20nx\)_firmware	< n2iet90w	Yes
Hardware	lenovo	thinkpad_t590_\(20nx\)	-	No
Operating System	lenovo	thinkpad_x1_carbon_\(20qx\)_firmware	< n2het54w	Yes
Hardware	lenovo	thinkpad_x1_carbon_\(20qx\)	-	No
Operating System	lenovo	thinkpad_x1_yoga_\(20qx\)_firmware	< n2het54w	Yes
Hardware	lenovo	thinkpad_x1_yoga_\(20qx\)	-	No
Operating System	lenovo	thinkpad_x390_\(20qx\)_firmware	< n2jet89w	Yes
Hardware	lenovo	thinkpad_x390_\(20qx\)	-	No
Operating System	lenovo	thinkpad_x390_\(20sx\)_firmware	< n2set18w	Yes
Hardware	lenovo	thinkpad_x390_\(20sx\)	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-30042 Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-30042 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)