
CVE-2020-8335

First published: Tue Sep 01 2020

In Lenovo ThinkPad A285 (BIOS versions up to r0xuj70w), A485 (BIOS versions up to r0wuj65w), T495 (BIOS versions up to r12uj55w), and T495s/X395 (BIOS versions up to r13uj47w), the BIOS tamper detection mechanism was not triggered while the emergency-reset button is pressed, which may allow for unauthorized access.

Credit: psirt@lenovo.com

| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo Thinkpad A275 Firmware | <2020-08-30 | |
| Lenovo Thinkpad A275 | | |
| Lenovo Thinkpad A285 Firmware | <2020-08-30 | |
| Lenovo ThinkPad A285 | | |
| Lenovo Thinkpad A475 Firmware | <2020-08-30 | |
| Lenovo Thinkpad A475 | | |
| Lenovo Thinkpad A485 Firmware | <2020-08-30 | |
| Lenovo Thinkpad A485 | | |
| Lenovo Thinkpad T495 Drift Firmware | <2020-08-30 | |
| Lenovo Thinkpad T495 Drift | | |
| Lenovo Thinkpad T495s Jazz Firmware | <2020-08-30 | |
| Lenovo Thinkpad T495s Jazz | | |
| Lenovo Thinkpad X1 Carbon (20bx) Firmware | <n14et54w | |
| Lenovo Thinkpad X1 Carbon (20bx) | | |
| Lenovo Thinkpad X395 Firmware | <2020-08-30 | |
| Lenovo Thinkpad X395 | | |

Remedy

Update the BIOS to the following versions (or later): Lenovo ThinkPad A285: r0xuj70w; A485: r0wuj65w; T495: r12uj55w; T495s/X395: r13uj47w.

Frequently Asked Questions

  • What is the vulnerability ID?

    The vulnerability ID is CVE-2020-8335.

  • Which Lenovo ThinkPad models are affected by this vulnerability?

    The Lenovo ThinkPad A285, A485, T495, and T495s/X395 models are affected.

  • What is the severity of CVE-2020-8335?

    The severity of CVE-2020-8335 is medium (6.8).

  • How can the vulnerability in Lenovo ThinkPad A285 BIOS versions up to r0xuj70w, A485 BIOS versions up to r0wuj65w, T495 BIOS versions up to r12uj55w, and T495s/X395 BIOS versions up to r13uj47w lead to unauthorized access?

    The vulnerability allows unauthorized access when the emergency-reset button is pressed and the BIOS tamper detection mechanism is not triggered.

  • Is there a fix available for CVE-2020-8335?

    Yes, Lenovo has released firmware updates to fix the vulnerability. Visit the Lenovo support website for more information.
