Vulnerabilities > CVE-2020-8336 - Unspecified vulnerability in Lenovo products

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

lenovo

NVD

Published: 2020-06-09

Updated: 2020-06-22

Summary

Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.

Vulnerable Configurations

Part	Description	Count
OS	Lenovo Lenovo Thinkpad E14 Firmware * Lenovo Thinkpad E15 Firmware * Lenovo Thinkpad R14 Firmware * Lenovo Thinkpad S3 GEN 2 Firmware * Lenovo Thinkpad E490S Firmware - Lenovo Thinkpad S3 Firmware - Lenovo Thinkpad E490 Firmware - Lenovo Thinkpad E590 Firmware - Lenovo Thinkpad R490 Firmware - Lenovo Thinkpad R590 Firmware - Lenovo Thinkpad L13 1ST GEN Firmware * Lenovo Thinkpad L1415 GEN 1 Firmware * Lenovo Thinkpad L390 Yoga Firmware - Lenovo Thinkpad S2 Yoga 4TH GEN Firmware - Lenovo Thinkpad L490 Firmware - Lenovo Thinkpad L590 Firmware - Lenovo Thinkpad P1 (20Mx) Firmware * Lenovo Thinkpad P1 (20Qx) Firmware * Lenovo Thinkpad P43S (20Rx) Firmware - Lenovo Thinkpad P52 (20Mx) Firmware * Lenovo Thinkpad P53 (20Qx) Firmware * Lenovo Thinkpad P53S (20Nx) Firmware * Lenovo Thinkpad P72 (20Mx) Firmware * Lenovo Thinkpad P73 (20Qx) Firmware * Lenovo Thinkpad T490 (20Nx) Firmware * Lenovo Thinkpad T490 (20Qx) Firmware * Lenovo Thinkpad T490 (20Rx) Firmware * Lenovo Thinkpad T490S (20Nx) Firmware * Lenovo Thinkpad T590 (20Nx) Firmware * Lenovo Thinkpad X1 Carbon (20Qx) Firmware * Lenovo Thinkpad X1 Carbon (20Rx) Firmware * Lenovo Thinkpad X1 Extreme (20Mx) Firmware * Lenovo Thinkpad X1 Extreme (20Qx) Firmware * Lenovo Thinkpad X1 Yoga (20Qx) Firmware * Lenovo Thinkpad X1 Yoga (20Sx) Firmware * Lenovo Thinkpad X390 (20Qx) Firmware * Lenovo Thinkpad X390 (20Sx) Firmware * Lenovo Thinkpad X390 Yoga Firmware - Lenovo Thinkpad X390 Yoga Firmware 2020-06-24	39
Hardware	Lenovo Lenovo Thinkpad E14 - Lenovo Thinkpad E15 - Lenovo Thinkpad R14 - Lenovo Thinkpad S3 GEN 2 - Lenovo Thinkpad E490S - Lenovo Thinkpad S3 - Lenovo Thinkpad E490 - Lenovo Thinkpad E590 - Lenovo Thinkpad R490 - Lenovo Thinkpad R590 - Lenovo Thinkpad L13 1ST GEN - Lenovo Thinkpad L1415 GEN 1 - Lenovo Thinkpad L390 Yoga - Lenovo Thinkpad S2 Yoga 4TH GEN - Lenovo Thinkpad L490 - Lenovo Thinkpad L590 - Lenovo Thinkpad P1 (20Mx) - Lenovo Thinkpad P1 (20Qx) - Lenovo Thinkpad P43S (20Rx) - Lenovo Thinkpad P52 (20Mx) - Lenovo Thinkpad P53 (20Qx) - Lenovo Thinkpad P53S (20Nx) - Lenovo Thinkpad P72 (20Mx) - Lenovo Thinkpad P73 (20Qx) - Lenovo Thinkpad T490 (20Nx) - Lenovo Thinkpad T490 (20Qx) - Lenovo Thinkpad T490 (20Rx) - Lenovo Thinkpad T490S (20Nx) - Lenovo Thinkpad T590 (20Nx) - Lenovo Thinkpad X1 Carbon (20Qx) - Lenovo Thinkpad X1 Carbon (20Rx) - Lenovo Thinkpad X1 Extreme (20Mx) - Lenovo Thinkpad X1 Extreme (20Qx) - Lenovo Thinkpad X1 Yoga (20Qx) - Lenovo Thinkpad X1 Yoga (20Sx) - Lenovo Thinkpad X390 (20Qx) - Lenovo Thinkpad X390 (20Sx) - Lenovo Thinkpad X390 Yoga -	38

References

https://support.lenovo.com/us/en/product_security/LEN-30042