CVE-2020-8332
First published: Wed Oct 14 2020(Updated: )
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo Bladecenter Hs23 Firmware | <tke170b | |
| Lenovo Bladecenter Hs23 | ||
| Lenovo Bladecenter Hs23e Firmware | <ahe172b | |
| Lenovo Bladecenter Hs23e | ||
| Lenovo Compute Node-x440 Firmware | <cge128a | |
| Lenovo Compute Node-x440 | ||
| Lenovo Flex System X220 Firmware | <kse170b | |
| Lenovo Flex System X220 | ||
| Lenovo Flex System X240 Firmware | <b2e172b | |
| Lenovo Flex System X240 | ||
| Lenovo Flex System X440 Firmware | <cne172b | |
| Lenovo Flex System X440 | ||
| Lenovo Nextscale Nx360 M4 Firmware | <fhe132b | |
| Lenovo Nextscale Nx360 M4 | ||
| Lenovo System X3300 M4 Firmware | <yae166b | |
| Lenovo System X3300 M4 | ||
| Lenovo System X3500 M4 Firmware | <y5e170b | |
| Lenovo System X3500 M4 | ||
| Lenovo System X3530 M4 Firmware | <bee174b | |
| Lenovo System X3530 M4 | ||
| Lenovo System X3550 M4 Firmware | <d7e174b | |
| Lenovo System X3550 M4 | ||
| Lenovo System X3630 M4 Firmware | <bee174b | |
| Lenovo System X3630 M4 | ||
| Lenovo System X3650 M4 Firmware | <vve172b | |
| Lenovo System X3650 M4 | ||
| Lenovo System X3650 M4 Bd Firmware | <vve172b | |
| Lenovo System X3650 M4 Bd | ||
| Lenovo System X3650 M4 Hd Firmware | <vve172b | |
| Lenovo System X3650 M4 Hd | ||
| Lenovo System X3750 M4 Firmware | <a5e130a | |
| Lenovo System X3750 M4 | ||
| Lenovo System X3750 M4 Firmware | <koe170b | |
| Lenovo Idataplex Dx360 M4 Firmware | <tde168b | |
| Lenovo Idataplex Dx360 M4 | ||
| Lenovo Idataplex Dx360 M4 Water Cooled Firmware | <tde168b | |
| Lenovo Idataplex Dx360 M4 Water Cooled |
Remedy
Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-38625.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/remedy
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/lenovo
- canonical/lenovo bladecenter hs23 firmware
- canonical/lenovo bladecenter hs23
- canonical/lenovo bladecenter hs23e firmware
- canonical/lenovo bladecenter hs23e
- canonical/lenovo compute node-x440 firmware
- canonical/lenovo compute node-x440
- canonical/lenovo flex system x220 firmware
- canonical/lenovo flex system x220
- canonical/lenovo flex system x240 firmware
- canonical/lenovo flex system x240
- canonical/lenovo flex system x440 firmware
- canonical/lenovo flex system x440
- canonical/lenovo nextscale nx360 m4 firmware
- canonical/lenovo nextscale nx360 m4
- canonical/lenovo system x3300 m4 firmware
- canonical/lenovo system x3300 m4
- canonical/lenovo system x3500 m4 firmware
- canonical/lenovo system x3500 m4
- canonical/lenovo system x3530 m4 firmware
- canonical/lenovo system x3530 m4
- canonical/lenovo system x3550 m4 firmware
- canonical/lenovo system x3550 m4
- canonical/lenovo system x3630 m4 firmware
- canonical/lenovo system x3630 m4
- canonical/lenovo system x3650 m4 firmware
- canonical/lenovo system x3650 m4
- canonical/lenovo system x3650 m4 bd firmware
- canonical/lenovo system x3650 m4 bd
- canonical/lenovo system x3650 m4 hd firmware
- canonical/lenovo system x3650 m4 hd
- canonical/lenovo system x3750 m4 firmware
- canonical/lenovo system x3750 m4
- canonical/lenovo idataplex dx360 m4 firmware
- canonical/lenovo idataplex dx360 m4
- canonical/lenovo idataplex dx360 m4 water cooled firmware
- canonical/lenovo idataplex dx360 m4 water cooled