Vulnerabilities > CVE-2020-8341 - Unspecified vulnerability in Lenovo products

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

lenovo

NVD

Published: 2020-09-01

Updated: 2020-09-11

Summary

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.

Vulnerable Configurations

Part	Description	Count
OS	Lenovo Lenovo Thinkpad T490 (20Nx) Firmware N2Iet88W Lenovo Thinkpad T490 (20Qx) Firmware N2Iet88W Lenovo Thinkpad T490 (20Rx) Firmware N2Iet88W Lenovo Thinkpad T490S (20Nx) Firmware N2Jet87W Lenovo Thinkpad T495 Drift Firmware * Lenovo Thinkpad T590 (20Nx) Firmware N2Iet88W Lenovo Thinkpad X1 Carbon (20Qx) Firmware N2Het47W Lenovo Thinkpad X1 Yoga (20Qx) Firmware N2Het47W Lenovo Thinkpad X390 (20Qx) Firmware N2Jet87W Lenovo Thinkpad X390 (20Sx) Firmware *	10
Hardware	Lenovo Lenovo Thinkpad T490 (20Nx) - Lenovo Thinkpad T490 (20Qx) - Lenovo Thinkpad T490 (20Rx) - Lenovo Thinkpad T490S (20Nx) - Lenovo Thinkpad T495 Drift - Lenovo Thinkpad T590 (20Nx) - Lenovo Thinkpad X1 Carbon (20Qx) - Lenovo Thinkpad X1 Yoga (20Qx) - Lenovo Thinkpad X390 (20Qx) - Lenovo Thinkpad X390 (20Sx) -	10

References

https://support.lenovo.com/us/en/product_security/LEN-30042