CVE-2020-8337
First published: Tue Jun 09 2020(Updated: )
An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synaptics audio drivers | <1.0.83.0 | |
| Lenovo Wei5-15IKB Firmware | ||
| Lenovo Air 14 (2019) | ||
| Lenovo c340-14iwl firmware | ||
| Lenovo Flex 14IWL Firmware | ||
| Lenovo S540-14iwl Firmware | ||
| Lenovo s540-14iwl touch firmware | ||
| Lenovo ThinkPad 11e Chromebook | ||
| Lenovo ThinkPad 13 firmware | ||
| Lenovo ThinkPad A275 Firmware | ||
| Lenovo ThinkPad A285 Firmware | ||
| Lenovo ThinkPad A475 Firmware | ||
| Lenovo ThinkPad A485 Firmware | ||
| Lenovo ThinkPad E450 BIOS | ||
| Lenovo ThinkPad E450c | ||
| Lenovo ThinkPad E455 Firmware | ||
| Lenovo ThinkPad E460 Firmware | ||
| Lenovo ThinkPad E465 BIOS | ||
| Lenovo ThinkPad E470 Firmware | ||
| Lenovo ThinkPad E475 Firmware | ||
| Lenovo ThinkPad E480 | ||
| Lenovo ThinkPad E485 | ||
| Lenovo ThinkPad E490 | ||
| Lenovo ThinkPad E490s Firmware | ||
| Lenovo ThinkPad Edge E540 | ||
| Lenovo ThinkPad Edge E545 BIOS | ||
| Lenovo ThinkPad E550 BIOS | ||
| Lenovo ThinkPad E550c BIOS | ||
| Lenovo ThinkPad E555 Firmware | ||
| Lenovo ThinkPad E560 Firmware | ||
| Lenovo ThinkPad E565 BIOS | ||
| Lenovo ThinkPad E570 Firmware | ||
| Lenovo ThinkPad E575 Firmware | ||
| Lenovo Thinkpad E580 | ||
| Lenovo ThinkPad E585 Firmware | ||
| Lenovo ThinkPad E590 | ||
| Lenovo ThinkPad Edge E440 | ||
| Lenovo ThinkPad Edge E445 | ||
| Lenovo ThinkPad L380 | ||
| Lenovo ThinkPad L380 Yoga Firmware | ||
| Lenovo ThinkPad L390 Yoga Firmware | ||
| Lenovo ThinkPad L440 | ||
| Lenovo ThinkPad L450 | ||
| Lenovo ThinkPad L460 Firmware | ||
| Lenovo ThinkPad L470 Firmware | ||
| Lenovo ThinkPad L480 | ||
| Lenovo ThinkPad L540 BIOS | ||
| Lenovo ThinkPad L580 Firmware | ||
| Lenovo ThinkPad P1 Firmware | ||
| Lenovo ThinkPad P40 Firmware | ||
| Lenovo ThinkPad P53s | ||
| Lenovo ThinkPad P73 | ||
| Lenovo ThinkPad R490 Firmware | ||
| Lenovo ThinkPad R590 Firmware | ||
| Lenovo ThinkPad S1 | ||
| Lenovo ThinkPad S1 Yoga 12 BIOS | ||
| Lenovo ThinkPad S2 Yoga 3rd Gen Firmware | ||
| Lenovo ThinkPad S2 Yoga 4th Gen Firmware | ||
| Lenovo ThinkPad S3 Firmware | ||
| Lenovo ThinkPad S3 S440 Firmware | ||
| Lenovo ThinkPad S3 | ||
| Lenovo ThinkPad Yoga 14 (460) S3 BIOS | ||
| Lenovo ThinkPad S5 2nd Generation | ||
| Lenovo ThinkPad T450 Firmware | ||
| Lenovo ThinkPad T450s Firmware | ||
| Lenovo ThinkPad T460 firmware | ||
| Lenovo ThinkPad T460p BIOS | ||
| Lenovo ThinkPad T470p firmware | ||
| Lenovo ThinkPad X1 Extreme (2nd Gen) | ||
| Lenovo ThinkPad x260 firmware | ||
| Lenovo ThinkPad X270 | ||
| Lenovo ThinkPad X380 Yoga | ||
| Lenovo ThinkPad 11e YOGA | ||
| Lenovo ThinkPad Yoga 11e 3rd Gen Firmware | ||
| Lenovo Yoga 11e 4th Gen Firmware | ||
| Lenovo ThinkPad Yoga 11e 5th Gen Firmware | ||
| Lenovo ThinkPad Yoga 14 (460) S3 BIOS | ||
| Lenovo ThinkPad Yoga 370 Firmware | ||
| Lenovo v130-15igm firmware | ||
| Lenovo V130-15IKB | ||
| Lenovo v310-15igm firmware | ||
| Lenovo V330-15IGM Firmware | ||
| Lenovo Yoga 14 |
Remedy
Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-8337?
The severity of CVE-2020-8337 is rated as high with a CVSS score of 6.7.
How can I fix the unquoted search path vulnerability in Synaptics Smart Audio UWP app?
To fix the vulnerability, update the Synaptics Smart Audio UWP app to version 1.0.83.0 or newer.
Which Lenovo platforms are affected by CVE-2020-8337 vulnerability?
The vulnerability affects Lenovo platforms associated with the DCHU audio drivers.
Is an administrative user able to execute arbitrary code due to CVE-2020-8337 vulnerability?
Yes, an administrative user could exploit the vulnerability to execute arbitrary code.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/synaptics
- canonical/synaptics audio drivers
- vendor/lenovo
- canonical/lenovo wei5-15ikb firmware
- canonical/lenovo air 14 (2019)
- canonical/lenovo c340-14iwl firmware
- canonical/lenovo flex 14iwl firmware
- canonical/lenovo s540-14iwl firmware
- canonical/lenovo s540-14iwl touch firmware
- canonical/lenovo thinkpad 11e chromebook
- canonical/lenovo thinkpad 13 firmware
- canonical/lenovo thinkpad a275 firmware
- canonical/lenovo thinkpad a285 firmware
- canonical/lenovo thinkpad a475 firmware
- canonical/lenovo thinkpad a485 firmware
- canonical/lenovo thinkpad e450 bios
- canonical/lenovo thinkpad e450c
- canonical/lenovo thinkpad e455 firmware
- canonical/lenovo thinkpad e460 firmware
- canonical/lenovo thinkpad e465 bios
- canonical/lenovo thinkpad e470 firmware
- canonical/lenovo thinkpad e475 firmware
- canonical/lenovo thinkpad e480
- canonical/lenovo thinkpad e485
- canonical/lenovo thinkpad e490
- canonical/lenovo thinkpad e490s firmware
- canonical/lenovo thinkpad edge e540
- canonical/lenovo thinkpad edge e545 bios
- canonical/lenovo thinkpad e550 bios
- canonical/lenovo thinkpad e550c bios
- canonical/lenovo thinkpad e555 firmware
- canonical/lenovo thinkpad e560 firmware
- canonical/lenovo thinkpad e565 bios
- canonical/lenovo thinkpad e570 firmware
- canonical/lenovo thinkpad e575 firmware
- canonical/lenovo thinkpad e580
- canonical/lenovo thinkpad e585 firmware
- canonical/lenovo thinkpad e590
- canonical/lenovo thinkpad edge e440
- canonical/lenovo thinkpad edge e445
- canonical/lenovo thinkpad l380
- canonical/lenovo thinkpad l380 yoga firmware
- canonical/lenovo thinkpad l390 yoga firmware
- canonical/lenovo thinkpad l440
- canonical/lenovo thinkpad l450
- canonical/lenovo thinkpad l460 firmware
- canonical/lenovo thinkpad l470 firmware
- canonical/lenovo thinkpad l480
- canonical/lenovo thinkpad l540 bios
- canonical/lenovo thinkpad l580 firmware
- canonical/lenovo thinkpad p1 firmware
- canonical/lenovo thinkpad p40 firmware
- canonical/lenovo thinkpad p53s
- canonical/lenovo thinkpad p73
- canonical/lenovo thinkpad r490 firmware
- canonical/lenovo thinkpad r590 firmware
- canonical/lenovo thinkpad s1
- canonical/lenovo thinkpad s1 yoga 12 bios
- canonical/lenovo thinkpad s2 yoga 3rd gen firmware
- canonical/lenovo thinkpad s2 yoga 4th gen firmware
- canonical/lenovo thinkpad s3 firmware
- canonical/lenovo thinkpad s3 s440 firmware
- canonical/lenovo thinkpad s3
- canonical/lenovo thinkpad yoga 14 (460) s3 bios
- canonical/lenovo thinkpad s5 2nd generation
- canonical/lenovo thinkpad t450 firmware
- canonical/lenovo thinkpad t450s firmware
- canonical/lenovo thinkpad t460 firmware
- canonical/lenovo thinkpad t460p bios
- canonical/lenovo thinkpad t470p firmware
- canonical/lenovo thinkpad x1 extreme (2nd gen)
- canonical/lenovo thinkpad x260 firmware
- canonical/lenovo thinkpad x270
- canonical/lenovo thinkpad x380 yoga
- canonical/lenovo thinkpad 11e yoga
- canonical/lenovo thinkpad yoga 11e 3rd gen firmware
- canonical/lenovo yoga 11e 4th gen firmware
- canonical/lenovo thinkpad yoga 11e 5th gen firmware
- canonical/lenovo thinkpad yoga 370 firmware
- canonical/lenovo v130-15igm firmware
- canonical/lenovo v130-15ikb
- canonical/lenovo v310-15igm firmware
- canonical/lenovo v330-15igm firmware
- canonical/lenovo yoga 14