First published: Tue Sep 01 2020
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495, BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed, which may allow unauthorized access.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
Lenovo ThinkPad A275 Firmware | <2020-08-30 | |
Lenovo ThinkPad A275 | | |
Lenovo ThinkPad A285 Firmware | <2020-08-30 | |
Lenovo ThinkPad A285 | | |
Lenovo ThinkPad A475 Firmware | <2020-08-30 | |
Lenovo ThinkPad A475 | | |
Lenovo ThinkPad A485 Firmware | <2020-08-30 | |
Lenovo ThinkPad A485 | | |
Lenovo ThinkPad T495 Drift Firmware | <2020-08-30 | |
Lenovo ThinkPad T495 Drift | | |
Lenovo ThinkPad T495s Jazz Firmware | <2020-08-30 | |
Lenovo ThinkPad T495s Jazz | | |
Lenovo ThinkPad X1 Carbon (20bx) Firmware | <n14et54w | |
Lenovo ThinkPad X1 Carbon (20bx) | | |
Lenovo ThinkPad X395 Firmware | <2020-08-30 | |
Lenovo ThinkPad X395 | | |
Update BIOS to the following BIOS versions (or later): Lenovo ThinkPad A285: r0xuj70w; A485: r0wuj65w; T495: r12uj55w; T495s/X395: r13uj47w.
The vulnerability ID is CVE-2020-8335.
The Lenovo ThinkPad A285, A485, T495, T495s/X395 models are affected.
The severity of CVE-2020-8335 is medium (6.8).
The vulnerability allows unauthorized access when the emergency-reset button is pressed and the BIOS tamper detection mechanism is not triggered.
Yes, Lenovo has released firmware updates to fix the vulnerability. Visit the Lenovo support website for more information.