2.4

CVE-2020-8341

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.

Data is provided by the National Vulnerability Database (NVD)
LenovoThinkpad T490 (20nx) Firmware Version < n2iet90w
   LenovoThinkpad T490 (20nx) Version-
LenovoThinkpad T490 (20qx) Firmware Version < n2iet90w
   LenovoThinkpad T490 (20qx) Version-
LenovoThinkpad T490 (20rx) Firmware Version < n2ret16w
   LenovoThinkpad T490 (20rx) Version-
LenovoThinkpad T490s (20nx) Firmware Version < n2jet89w
   LenovoThinkpad T490s (20nx) Version-
LenovoThinkpad T495 Drift Firmware Version < 2020-08-30
   LenovoThinkpad T495 Drift Version-
LenovoThinkpad T590 (20nx) Firmware Version < n2iet90w
   LenovoThinkpad T590 (20nx) Version-
LenovoThinkpad X1 Yoga (20qx) Firmware Version < n2het54w
   LenovoThinkpad X1 Yoga (20qx) Version-
LenovoThinkpad X390 (20qx) Firmware Version < n2jet89w
   LenovoThinkpad X390 (20qx) Version-
LenovoThinkpad X390 (20sx) Firmware Version < n2set18w
   LenovoThinkpad X390 (20sx) Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.149
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 2.4 0.9 1.4
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:P/A:N