CVE-2020-8323

Home/CVE/A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStatio

CVE

A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStatio

A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.

MEDIUM · CVSS 6.4 EPSS 0.0005

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

▤

Affected Products & Versions

lenovo 330-14ast firmwareall versions
lenovo 330-15ast firmwareall versions
lenovo 330-17ast firmwareall versions
lenovo 340c-15api firmwareall versions
lenovo 340c-15ast firmwareall versions
lenovo 720s touch-15ikb firmwareall versions
lenovo 720s-15ikb firmwareall versions
lenovo 730s-13iwl firmwareall versions
Show all 60 affected productslenovo c640-iml firmwareall versions
lenovo e42-80 firmwareall versions
lenovo e52-80 firmwareall versions
lenovo k22-80 firmwareall versions
lenovo v720-12 firmwareall versions
lenovo k32-80 kbl firmwareall versions
lenovo k32-80 skl firmwareall versions
lenovo miix 720-12ikb firmwareall versions
lenovo s145-14api firmwareall versions
lenovo s145-14ast firmwareall versions
lenovo s145-15api firmwareall versions
lenovo s145-15ast firmwareall versions
lenovo s540-13api firmwareall versions
lenovo s750-iil firmwareall versions
lenovo s940-14iwl firmwareall versions
lenovo thinkbook 13s-iwl firmwareall versions
lenovo thinkbook 14s-iwl firmwareall versions
lenovo v110-14ast firmwareall versions
lenovo v110-14ikb firmwareall versions
lenovo v110-15ast firmwareall versions
lenovo v130-15igm firmwareall versions
lenovo v130-15ikb firmwareall versions
lenovo v310-15igm firmwareall versions
lenovo v330-15igm firmwareall versions
lenovo v330-15ikb firmwareall versions
lenovo v330-15isk firmwareall versions
lenovo v340-iil firmwareall versions
lenovo v340-iml firmwareall versions
lenovo v540s-13 firmwareall versions
lenovo 14iwl firmwareall versions
lenovo v730-13ikb firmwareall versions
lenovo v730-13isk firmwareall versions
lenovo v730-15ikb firmwareall versions
lenovo wei5-15ikb firmwareall versions
lenovo xiaoxin 14-ast qc 2019 firmwareall versions
lenovo xx-14api qc 2019 firmwareall versions
lenovo yoga s730-13iwl firmwareall versions
lenovo yoga s940-14iwl firmwareall versions
lenovo 6 pro-13-iwl firmwareall versions
lenovo 6 pro-14-iwl firmwareall versions
lenovo e53-80 firmwareall versions
lenovo k3 firmwareall versions
lenovo k4-iwl firmwareall versions
lenovo thinkpad 11e yoga gen 6 firmware< 2020-07-10
lenovo thinkpad 11e firmware< 2020-07-10
lenovo thinkpad yoga 11e 3rd gen firmware< 2020-07-10
lenovo thinkpad yoga 11e 4th gen firmware< 2020-07-10
lenovo thinkpad yoga 11e 5th gen firmware< 2020-07-10
lenovo thinkpad 13 2nd gen firmware< 2020-07-10
lenovo thinkpad 13 firmware< 2020-07-10
lenovo thinkpad a275 firmware< 2020-07-10
lenovo thinkpad a285 firmware< 2020-07-10

▣

Scoring & Timeline

6.4

MEDIUM · CVSS v3.1 · psirt@lenovo.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD09 Jun 2020 · 08:15 PM

CVSS VectorCVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://support.lenovo.com/us/en/product_security/LEN-30042Vendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin