CVE-2020-8341
First published: Tue Sep 01 2020(Updated: )
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo Thinkpad T490 \(20nx\) Firmware | <n2iet90w | |
| Lenovo Thinkpad T490 \(20nx\) | ||
| Lenovo Thinkpad T490 \(20qx\) Firmware | <n2iet90w | |
| Lenovo Thinkpad T490 \(20qx\) | ||
| Lenovo Thinkpad T490 \(20rx\) Firmware | <n2ret16w | |
| Lenovo Thinkpad T490 \(20rx\) | ||
| Lenovo Thinkpad T490s \(20nx\) Firmware | <n2jet89w | |
| Lenovo Thinkpad T490s \(20nx\) | ||
| Lenovo Thinkpad T495 Drift Firmware | <2020-08-30 | |
| Lenovo Thinkpad T495 Drift | ||
| Lenovo Thinkpad T590 \(20nx\) Firmware | <n2iet90w | |
| Lenovo Thinkpad T590 \(20nx\) | ||
| Lenovo Thinkpad X1 Carbon \(20qx\) Firmware | <n2het54w | |
| Lenovo Thinkpad X1 Carbon \(20qx\) | ||
| Lenovo Thinkpad X1 Yoga \(20qx\) Firmware | <n2het54w | |
| Lenovo Thinkpad X1 Yoga \(20qx\) | ||
| Lenovo Thinkpad X390 \(20qx\) Firmware | <n2jet89w | |
| Lenovo Thinkpad X390 \(20qx\) | ||
| Lenovo Thinkpad X390 \(20sx\) Firmware | <n2set18w | |
| Lenovo Thinkpad X390 \(20sx\) |
Remedy
No action required. Lenovo has updated BIOS for systems in the product impact section to implement this secondary protection, PRx.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Lenovo systems vulnerability?
The vulnerability ID for this Lenovo systems vulnerability is CVE-2020-8341.
What is SMM BIOS Write Protection in Lenovo systems?
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash.
What is the additional layer of protection provided by SPI Protected Range Registers (PRx)?
SPI Protected Range Registers (PRx) provide an additional layer of protection in Lenovo systems.
What is the severity of CVE-2020-8341?
The severity of CVE-2020-8341 is low, with a severity value of 2.4.
Where can I find more information about this vulnerability?
More information about this vulnerability can be found on the Lenovo product security website.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/references
- agent/severity
- agent/remedy
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/lenovo
- canonical/lenovo thinkpad t490 \(20nx\) firmware
- canonical/lenovo thinkpad t490 \(20nx\)
- canonical/lenovo thinkpad t490 \(20qx\) firmware
- canonical/lenovo thinkpad t490 \(20qx\)
- canonical/lenovo thinkpad t490 \(20rx\) firmware
- canonical/lenovo thinkpad t490 \(20rx\)
- canonical/lenovo thinkpad t490s \(20nx\) firmware
- canonical/lenovo thinkpad t490s \(20nx\)
- canonical/lenovo thinkpad t495 drift firmware
- canonical/lenovo thinkpad t495 drift
- canonical/lenovo thinkpad t590 \(20nx\) firmware
- canonical/lenovo thinkpad t590 \(20nx\)
- canonical/lenovo thinkpad x1 carbon \(20qx\) firmware
- canonical/lenovo thinkpad x1 carbon \(20qx\)
- canonical/lenovo thinkpad x1 yoga \(20qx\) firmware
- canonical/lenovo thinkpad x1 yoga \(20qx\)
- canonical/lenovo thinkpad x390 \(20qx\) firmware
- canonical/lenovo thinkpad x390 \(20qx\)
- canonical/lenovo thinkpad x390 \(20sx\) firmware
- canonical/lenovo thinkpad x390 \(20sx\)