1. Home
  2. CVE Database
  3. CVE-2020-8323
MEDIUM · 6.4

CVE-2020-8323

A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.

Vulnerability Description

A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Lenovo330-14Ast Firmware-
Lenovo330-14Ast-
Lenovo330-15Ast Firmware-
Lenovo330-15Ast-
Lenovo330-17Ast Firmware-
Lenovo330-17Ast-
Lenovo340C-15Api Firmware-
Lenovo340C-15Api-
Lenovo340C-15Ast Firmware-
Lenovo340C-15Ast-
Lenovo720S Touch-15Ikb Firmware-
Lenovo720S Touch-15Ikb-
Lenovo720S-15Ikb Firmware-
Lenovo720S-15Ikb-
Lenovo730S-13Iwl Firmware-
Lenovo730S-13Iwl-
LenovoC640-Iml Firmware-
LenovoC640-Iml-
LenovoE42-80 Firmware-
LenovoE42-80-

References

FAQ

What is CVE-2020-8323?

CVE-2020-8323 is a vulnerability with a CVSS score of 6.4 (MEDIUM). A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.

How severe is CVE-2020-8323?

CVE-2020-8323 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8323?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo 330-14Ast Firmware, Lenovo 330-14Ast, Lenovo 330-15Ast Firmware, Lenovo 330-15Ast, Lenovo 330-17Ast Firmware.