Vulnerabilities > CVE-2020-8354 - Unspecified vulnerability in Lenovo Notebook Firmware

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

lenovo

NVD

Published: 2020-11-11

Updated: 2020-11-30

Summary

A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.

Vulnerable Configurations

Part	Description	Count
OS	Lenovo Lenovo Notebook Firmware -	1
Hardware	Lenovo Lenovo Notebook -	1

References

https://support.lenovo.com/us/en/product_security/LEN-49266