7.2
CWE
428
Advisory Published
Updated

CVE-2020-8337

First published: Tue Jun 09 2020(Updated: )

An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
Synaptics Smart Audio UWP<1.0.83.0
Lenovo 5-15ikb
Lenovo Air-14 2019
Lenovo C340-14iwl
Lenovo Flex-14iwl
Lenovo S540-14iwl
Lenovo S540-14iwl Touch
Lenovo Thinkpad 11e
Lenovo Thinkpad 13
Lenovo Thinkpad A275
Lenovo ThinkPad A285
Lenovo Thinkpad A475
Lenovo Thinkpad A485
Lenovo Thinkpad E450
Lenovo Thinkpad E450c
Lenovo Thinkpad E455
Lenovo Thinkpad E460
Lenovo Thinkpad E465
Lenovo Thinkpad E470
Lenovo Thinkpad E475
Lenovo Thinkpad E480
Lenovo Thinkpad E485
Lenovo Thinkpad E490
Lenovo Thinkpad E490s
Lenovo Thinkpad E540
Lenovo Thinkpad E545
Lenovo Thinkpad E550
Lenovo Thinkpad E550c
Lenovo Thinkpad E555
Lenovo Thinkpad E560
Lenovo Thinkpad E565
Lenovo Thinkpad E570
Lenovo Thinkpad E575
Lenovo Thinkpad E580
Lenovo Thinkpad E585
Lenovo Thinkpad E590
Lenovo Thinkpad Edge E440
Lenovo Thinkpad Edge E445
Lenovo Thinkpad L380
Lenovo Thinkpad L380 Yoga
Lenovo Thinkpad L390 Yoga
Lenovo Thinkpad L440
Lenovo Thinkpad L450
Lenovo Thinkpad L460
Lenovo Thinkpad L470
Lenovo Thinkpad L480
Lenovo Thinkpad L540
Lenovo Thinkpad L580
Lenovo Thinkpad P1
Lenovo Thinkpad P40
Lenovo Thinkpad P53
Lenovo Thinkpad P73
Lenovo Thinkpad R490
Lenovo Thinkpad R590
Lenovo Thinkpad S1 3rd
Lenovo Thinkpad S1 Yoga 12
Lenovo Thinkpad S2 Yoga 3rd Gen
Lenovo Thinkpad S2 Yoga 4th Gen
Lenovo Thinkpad S3
Lenovo Thinkpad S3-s440
Lenovo Thinkpad S3 3rd Gen
Lenovo Thinkpad S3 Yoga 14
Lenovo Thinkpad S5
Lenovo Thinkpad T450
Lenovo Thinkpad T450s
Lenovo ThinkPad T460
Lenovo ThinkPad T460p
Lenovo Thinkpad T470p
Lenovo Thinkpad X1 Extreme
Lenovo Thinkpad X260
Lenovo Thinkpad X270
Lenovo Thinkpad X380 Yoga
Lenovo Thinkpad Yoga 11e
Lenovo Thinkpad Yoga 11e 3rd Gen
Lenovo Thinkpad Yoga 11e 4th Gen
Lenovo Thinkpad Yoga 11e 5th Gen
Lenovo Thinkpad Yoga 14 460 S3
Lenovo Thinkpad Yoga 370
Lenovo V130-15igm
Lenovo V130-15ikb
Lenovo V310-15igm
Lenovo V330-15igm
Lenovo Yoga 14

Remedy

Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the severity of CVE-2020-8337?

    The severity of CVE-2020-8337 is rated as high with a CVSS score of 6.7.

  • How can I fix the unquoted search path vulnerability in Synaptics Smart Audio UWP app?

    To fix the vulnerability, update the Synaptics Smart Audio UWP app to version 1.0.83.0 or newer.

  • Which Lenovo platforms are affected by CVE-2020-8337 vulnerability?

    The vulnerability affects Lenovo platforms associated with the DCHU audio drivers.

  • Is an administrative user able to execute arbitrary code due to CVE-2020-8337 vulnerability?

    Yes, an administrative user could exploit the vulnerability to execute arbitrary code.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203