First published: Wed Oct 14 2020
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM BladeCenter HS23 Firmware | <tke170b | |
Lenovo Bladecenter HS23 | | |
Lenovo BladeCenter HS23e | <ahe172b | |
Lenovo BladeCenter HS23e | | |
Lenovo Compute Node-x440 | <cge128a | |
Lenovo Compute Node-x440 Firmware | | |
Lenovo Flex System X220 Firmware | <kse170b | |
Lenovo Flex System X220 | | |
Lenovo Flex System X240 Firmware | <b2e172b | |
Lenovo Flex System X240 | | |
Lenovo Flex System X440 Firmware | <cne172b | |
Lenovo Flex System X440 | | |
Lenovo Nextscale Nx360 M4 Firmware | <fhe132b | |
Lenovo Nextscale Nx360 M4 Firmware | | |
Lenovo System X3300 M4 Firmware | <yae166b | |
Lenovo System X3300 M4 Firmware | | |
Lenovo System X3500 M4 Firmware | <y5e170b | |
Lenovo System X3500 M4 Firmware | | |
Lenovo System X3530 M4 Firmware | <bee174b | |
Lenovo System X3530 M4 | | |
Lenovo System X3550 M4 Firmware | <d7e174b | |
Lenovo System X3550 M4 Firmware | | |
Lenovo System X3630 M4 Firmware | <bee174b | |
Lenovo System X3630 M4 | | |
Lenovo System X3650 M4 Bd Firmware | <vve172b | |
Lenovo System X3650 M4 Bd | | |
Lenovo System X3650 M4 Bd Firmware | <vve172b | |
Lenovo System X3650 M4 Bd Firmware | | |
Lenovo System X3650 M4 Firmware | <vve172b | |
Lenovo System X3650 M4 HD | | |
Lenovo System X3750 M4 Firmware | <a5e130a | |
Lenovo Flex System X3750 M4 | | |
Lenovo System X3750 M4 Firmware | <koe170b | |
Lenovo iDataplex DX360 M4 Firmware | <tde168b | |
Lenovo iDataplex Dx360 M4 | | |
IBM iDataPlex DX360 M4 Water Cooled Firmware | <tde168b | |
Lenovo Idataplex Dx360 M4 Water Cooled | | |

Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-38625.
The severity of CVE-2020-8332 is considered high due to the potential for arbitrary code execution.
To fix CVE-2020-8332, update the system firmware to a release that addresses the vulnerability: the version indicated for your model, or newer.
CVE-2020-8332 affects some legacy Lenovo and IBM System x servers in legacy BIOS mode.
Servers operating in UEFI mode are not affected by CVE-2020-8332.
CVE-2020-8332 involves various Lenovo firmware including Bladecenter, Compute Node, and Flex System firmware among others.