medium
6.7
Advisory Published
Updated

CVE-2020-8322

First published: Tue Jun 09 2020(Updated: )

A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
Lenovo 330-14ast firmware
Lenovo 330-14ast firmware
Lenovo v330-15ast firmware
Lenovo 330-15ast firmware
Lenovo 330-17AST Firmware
Lenovo 330-17ast firmware
Lenovo 340c-15api firmware
Lenovo 340c-15api firmware
Lenovo 340c-15ast firmware
Lenovo 340c-15ast firmware
Lenovo 720s touch-15ikb
Lenovo 720s touch-15ikb firmware
Lenovo 720s touch-15ikb firmware
Lenovo 720s touch-15ikb firmware
Lenovo 730s-13iwl
Lenovo 730s-13iwl firmware
Lenovo Yoga C640-13IML LTE Firmware
Lenovo yoga c640-13iml
Lenovo e42-80
Lenovo e42-80 firmware
Lenovo e52-80 isk firmware
Lenovo e52-80
Lenovo K22-80 Firmware
Lenovo K22-80 Firmware
Lenovo V720-12
Lenovo K22-80 / Lenovo V720-12
Lenovo K32-80 KBL
Lenovo K32-80
Lenovo K32-80 SKL Firmware
Lenovo K32-80
Lenovo Miix 720-12IKB
Lenovo Miix 720-12IKB Firmware
Lenovo S145-14IGM Firmware
Lenovo S145-14API
Lenovo S145-14IGM Firmware
Lenovo S145-14AST
Lenovo S145-15api Firmware
Lenovo S145-15api Firmware
Lenovo S145-15AST Firmware
Lenovo S145-15api Firmware
Lenovo S540-13API
Lenovo S540-13API Firmware
Lenovo S750-iil Firmware
Lenovo S750-iil Firmware
Lenovo s940-14iwl
Lenovo Ideapad S940-14iwl
Lenovo Thinkbook 13s-iwl Firmware
Lenovo Thinkbook 13s-iwl Firmware
Lenovo ThinkBook 14s-IWL
Lenovo ThinkBook 14s-IWL Firmware
Lenovo V110-14ast
Lenovo V110-14ast
Lenovo v110-14ikb firmware
Lenovo V110-14IKB
Lenovo V110-15ast
Lenovo V110-15ast firmware
Lenovo v130-15igm firmware
Lenovo v130-15igm firmware
Lenovo v130-15ikb firmware
Lenovo v130-15ikb
Lenovo v310-15igm firmware
Lenovo v310-15igm firmware
Lenovo V330-15IGM Firmware
Lenovo V330-15IGM Firmware
Lenovo V330 Firmware
Lenovo v330-15ast
Lenovo V330 Firmware
Lenovo v330-15isk firmware
Lenovo V340-IML Firmware
Lenovo V340-IIL
Lenovo V340-IML
Lenovo V340-IML Firmware
Lenovo v540s-13 firmware
Lenovo v540s-13 firmware
Lenovo 14iwl firmware
Lenovo 14iwl
Lenovo V730-13IKB Firmware
Lenovo V730-13IKB Firmware
Lenovo V730-13IKB Firmware
Lenovo v730-13isk
Lenovo v730-15ikb firmware
Lenovo v730-15ikb firmware
Lenovo Wei5-15IKB Firmware
Lenovo Wei5-15IKB Firmware
Lenovo Xiaoxin 14-AST QC 2019
Lenovo Xiaoxin 14-AST QC 2019 Firmware
Lenovo xx-14api qc 2019 firmware
Lenovo xx-14api qc 2019
Lenovo Yoga S730-13IWl
Lenovo Yoga S730-13iwl Firmware
Lenovo Yoga S940-14IWL
Lenovo Yoga S940-14IWL Firmware
Lenovo 6 Pro-13-IWL Firmware
Lenovo 6 Pro-13-IWL Firmware
Lenovo 6 Pro-14-iwl
Lenovo 6 Pro-14-iwl
Lenovo E53-80 Firmware
Lenovo E53-80 Firmware
Lenovo K3 Firmware
Lenovo K3 Firmware
Lenovo K4-iwl firmware
Lenovo K4-iwl firmware

Remedy

Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2020-8322?

    CVE-2020-8322 has a critical severity rating due to the potential for arbitrary code execution.

  • How do I fix CVE-2020-8322?

    To resolve CVE-2020-8322, users should update the affected Lenovo firmware to the latest version provided by Lenovo.

  • Which Lenovo devices are affected by CVE-2020-8322?

    CVE-2020-8322 affects specific models including the Lenovo 330-14AST, 330-15AST, and various others listed in Lenovo's security advisory.

  • What can happen if CVE-2020-8322 is exploited?

    Exploitation of CVE-2020-8322 could allow an attacker to execute arbitrary code with elevated privileges on affected Lenovo devices.

  • Is there a workaround for CVE-2020-8322?

    Currently, the best mitigation for CVE-2020-8322 is to apply the necessary firmware updates from Lenovo.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203