CVE-2020-8335
First published: Tue Sep 01 2020(Updated: )
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo Thinkpad A275 Firmware | <2020-08-30 | |
| Lenovo Thinkpad A275 | ||
| Lenovo Thinkpad A285 Firmware | <2020-08-30 | |
| Lenovo ThinkPad A285 | ||
| Lenovo Thinkpad A475 Firmware | <2020-08-30 | |
| Lenovo Thinkpad A475 | ||
| Lenovo Thinkpad A485 Firmware | <2020-08-30 | |
| Lenovo Thinkpad A485 | ||
| Lenovo Thinkpad T495 Drift Firmware | <2020-08-30 | |
| Lenovo Thinkpad T495 Drift | ||
| Lenovo Thinkpad T495s Jazz Firmware | <2020-08-30 | |
| Lenovo Thinkpad T495s Jazz | ||
| Lenovo Thinkpad X1 Carbon \(20bx\) Firmware | <n14et54w | |
| Lenovo Thinkpad X1 Carbon \(20bx\) | ||
| Lenovo Thinkpad X395 Firmware | <2020-08-30 | |
| Lenovo Thinkpad X395 |
Remedy
Update BIOS to the following BIOS versions (or later): Lenovo ThinkPad A285: r0xuj70w ; A485: r0wuj65w ; T495: r12uj55w ; T495s/X395: r13uj47w
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2020-8335.
Which Lenovo ThinkPad models are affected by this vulnerability?
The Lenovo ThinkPad A285, A485, T495, T495s/X395 models are affected.
What is the severity of CVE-2020-8335?
The severity of CVE-2020-8335 is medium (6.8).
How does the vulnerability in Lenovo ThinkPad A285 BIOS versions up to r0xuj70w, A485 BIOS versions up to r0wuj65w, T495 BIOS versions up to r12uj55w, and T495s/X395 BIOS versions up to r13uj47w affect unauthorized access?
The vulnerability allows unauthorized access when the emergency-reset button is pressed and the BIOS tamper detection mechanism is not triggered.
Is there a fix available for CVE-2020-8335?
Yes, Lenovo has released firmware updates to fix the vulnerability. Visit the Lenovo support website for more information.
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/remedy
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- agent/description
- agent/type
- agent/event
- vendor/lenovo
- canonical/lenovo thinkpad a275 firmware
- canonical/lenovo thinkpad a275
- canonical/lenovo thinkpad a285 firmware
- canonical/lenovo thinkpad a285
- canonical/lenovo thinkpad a475 firmware
- canonical/lenovo thinkpad a475
- canonical/lenovo thinkpad a485 firmware
- canonical/lenovo thinkpad a485
- canonical/lenovo thinkpad t495 drift firmware
- canonical/lenovo thinkpad t495 drift
- canonical/lenovo thinkpad t495s jazz firmware
- canonical/lenovo thinkpad t495s jazz
- canonical/lenovo thinkpad x1 carbon \(20bx\) firmware
- canonical/lenovo thinkpad x1 carbon \(20bx\)
- canonical/lenovo thinkpad x395 firmware
- canonical/lenovo thinkpad x395