LOW · 2.4

CVE-2020-8341


Vulnerability Description

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.

CVSS Score

2.4

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: LOW
Availability: NONE

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Lenovo | Thinkpad T490 (20Nx) Firmware | < n2iet90w |
| Lenovo | Thinkpad T490 (20Nx) | - |
| Lenovo | Thinkpad T490 (20Qx) Firmware | < n2iet90w |
| Lenovo | Thinkpad T490 (20Qx) | - |
| Lenovo | Thinkpad T490 (20Rx) Firmware | < n2ret16w |
| Lenovo | Thinkpad T490 (20Rx) | - |
| Lenovo | Thinkpad T490S (20Nx) Firmware | < n2jet89w |
| Lenovo | Thinkpad T490S (20Nx) | - |
| Lenovo | Thinkpad T495 Drift Firmware | < 2020-08-30 |
| Lenovo | Thinkpad T495 Drift | - |
| Lenovo | Thinkpad T590 (20Nx) Firmware | < n2iet90w |
| Lenovo | Thinkpad T590 (20Nx) | - |
| Lenovo | Thinkpad X1 Carbon (20Qx) Firmware | < n2het54w |
| Lenovo | Thinkpad X1 Carbon (20Qx) | - |
| Lenovo | Thinkpad X1 Yoga (20Qx) Firmware | < n2het54w |
| Lenovo | Thinkpad X1 Yoga (20Qx) | - |
| Lenovo | Thinkpad X390 (20Qx) Firmware | < n2jet89w |
| Lenovo | Thinkpad X390 (20Qx) | - |
| Lenovo | Thinkpad X390 (20Sx) Firmware | < n2set18w |
| Lenovo | Thinkpad X390 (20Sx) | - |

References

FAQ

What is CVE-2020-8341?

CVE-2020-8341 is a vulnerability with a CVSS score of 2.4 (LOW). In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Reg...

How severe is CVE-2020-8341?

CVE-2020-8341 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8341?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkpad T490 (20Nx) Firmware, Lenovo Thinkpad T490 (20Nx), Lenovo Thinkpad T490 (20Qx) Firmware, Lenovo Thinkpad T490 (20Qx), Lenovo Thinkpad T490 (20Rx) Firmware.