First published: Tue Jun 09 2020(Updated: )
An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
Synaptics Smart Audio UWP | <1.0.83.0 | |
Lenovo 5-15ikb | ||
Lenovo Air-14 2019 | ||
Lenovo C340-14iwl | ||
Lenovo Flex-14iwl | ||
Lenovo S540-14iwl | ||
Lenovo S540-14iwl Touch | ||
Lenovo Thinkpad 11e | ||
Lenovo Thinkpad 13 | ||
Lenovo Thinkpad A275 | ||
Lenovo ThinkPad A285 | ||
Lenovo Thinkpad A475 | ||
Lenovo Thinkpad A485 | ||
Lenovo Thinkpad E450 | ||
Lenovo Thinkpad E450c | ||
Lenovo Thinkpad E455 | ||
Lenovo Thinkpad E460 | ||
Lenovo Thinkpad E465 | ||
Lenovo Thinkpad E470 | ||
Lenovo Thinkpad E475 | ||
Lenovo Thinkpad E480 | ||
Lenovo Thinkpad E485 | ||
Lenovo Thinkpad E490 | ||
Lenovo Thinkpad E490s | ||
Lenovo Thinkpad E540 | ||
Lenovo Thinkpad E545 | ||
Lenovo Thinkpad E550 | ||
Lenovo Thinkpad E550c | ||
Lenovo Thinkpad E555 | ||
Lenovo Thinkpad E560 | ||
Lenovo Thinkpad E565 | ||
Lenovo Thinkpad E570 | ||
Lenovo Thinkpad E575 | ||
Lenovo Thinkpad E580 | ||
Lenovo Thinkpad E585 | ||
Lenovo Thinkpad E590 | ||
Lenovo Thinkpad Edge E440 | ||
Lenovo Thinkpad Edge E445 | ||
Lenovo Thinkpad L380 | ||
Lenovo Thinkpad L380 Yoga | ||
Lenovo Thinkpad L390 Yoga | ||
Lenovo Thinkpad L440 | ||
Lenovo Thinkpad L450 | ||
Lenovo Thinkpad L460 | ||
Lenovo Thinkpad L470 | ||
Lenovo Thinkpad L480 | ||
Lenovo Thinkpad L540 | ||
Lenovo Thinkpad L580 | ||
Lenovo Thinkpad P1 | ||
Lenovo Thinkpad P40 | ||
Lenovo Thinkpad P53 | ||
Lenovo Thinkpad P73 | ||
Lenovo Thinkpad R490 | ||
Lenovo Thinkpad R590 | ||
Lenovo Thinkpad S1 3rd | ||
Lenovo Thinkpad S1 Yoga 12 | ||
Lenovo Thinkpad S2 Yoga 3rd Gen | ||
Lenovo Thinkpad S2 Yoga 4th Gen | ||
Lenovo Thinkpad S3 | ||
Lenovo Thinkpad S3-s440 | ||
Lenovo Thinkpad S3 3rd Gen | ||
Lenovo Thinkpad S3 Yoga 14 | ||
Lenovo Thinkpad S5 | ||
Lenovo Thinkpad T450 | ||
Lenovo Thinkpad T450s | ||
Lenovo ThinkPad T460 | ||
Lenovo ThinkPad T460p | ||
Lenovo Thinkpad T470p | ||
Lenovo Thinkpad X1 Extreme | ||
Lenovo Thinkpad X260 | ||
Lenovo Thinkpad X270 | ||
Lenovo Thinkpad X380 Yoga | ||
Lenovo Thinkpad Yoga 11e | ||
Lenovo Thinkpad Yoga 11e 3rd Gen | ||
Lenovo Thinkpad Yoga 11e 4th Gen | ||
Lenovo Thinkpad Yoga 11e 5th Gen | ||
Lenovo Thinkpad Yoga 14 460 S3 | ||
Lenovo Thinkpad Yoga 370 | ||
Lenovo V130-15igm | ||
Lenovo V130-15ikb | ||
Lenovo V310-15igm | ||
Lenovo V330-15igm | ||
Lenovo Yoga 14 |
Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-8337 is rated as high with a CVSS score of 6.7.
To fix the vulnerability, update the Synaptics Smart Audio UWP app to version 1.0.83.0 or newer.
The vulnerability affects Lenovo platforms associated with the DCHU audio drivers.
Yes, an administrative user could exploit the vulnerability to execute arbitrary code.