CVE-2020-8323
high-risk
Published 2020-06-09
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.
Do I need to act?
-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.4/10
Medium
LOCAL
/ HIGH complexity
Affected Products (20)
330-14Ast Firmware
330-15Ast Firmware
330-17Ast Firmware
340C-15Api Firmware
340C-15Ast Firmware
720S Touch-15Ikb Firmware
720S-15Ikb Firmware
730S-13Iwl Firmware
C640-Iml Firmware
E42-80 Firmware
E52-80 Firmware
K22-80 Firmware
V720-12 Firmware
K32-80 Kbl Firmware
K32-80 Skl Firmware
Miix 720-12Ikb Firmware
S145-14Api Firmware
S145-14Ast Firmware
S145-15Api Firmware
S145-15Ast Firmware
Affected Vendors
References (2)
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-30042
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-30042
50
/ 100
high-risk
Severity
17/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
33/34 · Critical