CVE-2020-8321
high-risk
Published 2020-06-09
A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.
Do I need to act?
-
0.14% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.4/10
Medium
LOCAL
/ HIGH complexity
Affected Products (20)
130-14Ast Firmware
130-14Ikb Firmware
130-15Ast Firmware
130-15Ikb Firmware
320C-15Ikb Firmware
330-14Igm Firmware
330-14Ikb Firmware
330-14Ikbr Firmware
330-15Arr Firmware
330-15Arr Touch Firmware
330-15Ich Firmware
330-15Igm Firmware
330-15Ikb Firmware
330-15Ikbr Firmware
330-15Ikbr Touch Firmware
330-17Ich Firmware
330-17Ikb Firmware
330-17Ikbr Firmware
330C-14Ikb Firmware
330C-15Ikb Firmware
Affected Vendors
References (2)
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-30042
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-30042
51
/ 100
high-risk
Severity
17/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
33/34 · Critical