medium
6.8
Advisory Published
Updated

CVE-2020-8336

First published: Tue Jun 09 2020(Updated: )

Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
Lenovo ThinkPad E14 Firmware<2020-07-10
Lenovo Thinkpad E14
Lenovo ThinkPad E15 Firmware<2020-07-10
Lenovo ThinkPad E15
Lenovo ThinkPad R14 Firmware<2020-07-10
Lenovo ThinkPad R14
Lenovo ThinkPad S3 2nd Gen Firmware<2020-07-10
Lenovo ThinkPad S3 Gen 2 Firmware
Lenovo ThinkPad E490s Firmware<2020-07-10
Lenovo ThinkPad E490s Firmware
Lenovo ThinkPad S3 Firmware<2020-07-10
Lenovo ThinkPad S3 Firmware
Lenovo ThinkPad E490 Firmware<2020-07-10
Lenovo ThinkPad E490
Lenovo ThinkPad E590 Firmware<2020-07-10
Lenovo ThinkPad E590
Lenovo ThinkPad r490 firmware<2020-07-10
Lenovo ThinkPad r490 firmware
Lenovo ThinkPad R590 Firmware<2020-07-10
Lenovo ThinkPad R590 Firmware
Lenovo ThinkPad L13 1st Gen Firmware<2020-07-10
Lenovo ThinkPad L13 1st Gen Firmware
Lenovo ThinkPad L14 Gen 1 Firmware<2020-07-10
Lenovo ThinkPad L14 Gen 1
Lenovo ThinkPad L390 Yoga Firmware<2020-07-10
Lenovo ThinkPad L390 Yoga Firmware
Lenovo ThinkPad S2 Yoga 4th Gen<2020-07-10
Lenovo ThinkPad S2 Yoga 4th Gen Firmware
Lenovo ThinkPad L490 Firmware<2020-07-10
Lenovo ThinkPad L490 Firmware
Lenovo ThinkPad L590 Firmware<2020-07-10
Lenovo ThinkPad L590 Firmware
Lenovo ThinkPad P1 Firmware<n2eet47w
Lenovo ThinkPad P1
Lenovo ThinkPad P1 (20QX) Firmware<n2oet44w
Lenovo ThinkPad P1
Lenovo ThinkPad P43s Firmware<n2iet88w
Lenovo ThinkPad P43s
Lenovo ThinkPad P52 Firmware<n2cet51w-1.34
Lenovo ThinkPad p52 (20mx)
Lenovo ThinkPad p53 (20qx) Firmware<n2net37w
Lenovo ThinkPad p53 (20qx)
Lenovo ThinkPad P53s Firmware<n2iet88w
Lenovo ThinkPad P53s
Lenovo ThinkPad P72 Firmware<n2cet51w
Lenovo ThinkPad P72 (20MX)
Lenovo ThinkPad p73 (20qx) Firmware<n2net37w
Lenovo ThinkPad p73
Lenovo ThinkPad t490 (20nx) Firmware<n2iet88w
Lenovo ThinkPad t490 (20nx)
Lenovo ThinkPad t490 (20qx) Firmware<n2iet88w
Lenovo ThinkPad T490 (20QX)
Lenovo ThinkPad T490 Firmware<n2iet88w
Lenovo ThinkPad T490
Lenovo ThinkPad t490s (20nx) Firmware<n2jet87w
Lenovo ThinkPad t490s (20nx)
Lenovo ThinkPad T590 Firmware<n2iet88w
Lenovo ThinkPad T590
Lenovo ThinkPad X1 Carbon (20qx) Firmware<n2het47w
Lenovo ThinkPad X1 Carbon (20qx)
Lenovo ThinkPad X1 Carbon (20RX) Firmware<n2het47w
Lenovo ThinkPad X1 Carbon (20RX)
Lenovo ThinkPad x1 extreme (20mx) Firmware<n2eet47w
Lenovo ThinkPad X1 Extreme (20MX)
Lenovo ThinkPad x1 extreme (20qx) Firmware<n2oet44w
Lenovo ThinkPad X1 Extreme (20QX)
Lenovo ThinkPad x1 yoga (20qx) Firmware<n2het47w
Lenovo ThinkPad X1 Yoga (20QX)
Lenovo ThinkPad x1 yoga (20sx) Firmware<n2het47w
Lenovo ThinkPad X1 Yoga (20sx)
Lenovo ThinkPad x390 Firmware<n2jet87w
Lenovo ThinkPad x390
Lenovo ThinkPad x390 Firmware<n2set18w
Lenovo ThinkPad x390
Lenovo ThinkPad X390 Yoga Firmware<n2let74w
Lenovo ThinkPad X390 Yoga Firmware

Remedy

Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2020-8336?

    CVE-2020-8336 has been assessed as a moderate severity vulnerability.

  • How do I fix CVE-2020-8336?

    To fix CVE-2020-8336, users should update the affected Lenovo ThinkPad firmware to versions released after July 10, 2020.

  • Which Lenovo models are affected by CVE-2020-8336?

    CVE-2020-8336 affects multiple Lenovo ThinkPad models with firmware versions prior to July 10, 2020.

  • Can I identify if my device is vulnerable to CVE-2020-8336?

    You can determine if your device is vulnerable to CVE-2020-8336 by checking the firmware version against the Lenovo support page.

  • What is the nature of the vulnerability in CVE-2020-8336?

    CVE-2020-8336 pertains to inadequate anti-rollback protections for Intel CSME firmware on certain Lenovo ThinkPad models.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203