CVE-2020-8332 : A potential vulnerability in the SMI callback function used in the legacy BIOS m

A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.

Published 2020-10-14 22:15:13

Updated 2020-10-29 19:53:41

Source Lenovo Group Ltd.

View at NVD, CVE.org

Products affected by CVE-2020-8332

Lenovo » System X3750 M4 Firmware
Versions before (<) koe170b
cpe:2.3:o:lenovo:system_x3750_m4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » System X3750 M4 » Version: N/A
Lenovo » System X3750 M4 Firmware
Versions before (<) a5e130a
cpe:2.3:o:lenovo:system_x3750_m4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » System X3750 M4 » Version: N/A
Lenovo » Bladecenter Hs23 Firmware
Versions before (<) tke170b
cpe:2.3:o:lenovo:bladecenter_hs23_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Bladecenter Hs23 » Version: N/A
Lenovo » Bladecenter Hs23e Firmware
Versions before (<) ahe172b
cpe:2.3:o:lenovo:bladecenter_hs23e_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Bladecenter Hs23e » Version: N/A
Lenovo » Compute Node-x440 Firmware
Versions before (<) cge128a
cpe:2.3:o:lenovo:compute_node-x440_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Compute Node-x440 » Version: N/A
Lenovo » Flex System X220 Firmware
Versions before (<) kse170b
cpe:2.3:o:lenovo:flex_system_x220_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Flex System X220 » Version: N/A
Lenovo » Flex System X240 Firmware
Versions before (<) b2e172b
cpe:2.3:o:lenovo:flex_system_x240_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Flex System X240 » Version: N/A
Lenovo » Flex System X440 Firmware
Versions before (<) cne172b
cpe:2.3:o:lenovo:flex_system_x440_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Flex System X440 » Version: N/A
Lenovo » Nextscale Nx360 M4 Firmware
Versions before (<) fhe132b
cpe:2.3:o:lenovo:nextscale_nx360_m4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Nextscale Nx360 M4 » Version: N/A
Lenovo » System X3300 M4 Firmware
Versions before (<) yae166b
cpe:2.3:o:lenovo:system_x3300_m4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » System X3300 M4 » Version: N/A
Lenovo » System X3500 M4 Firmware
Versions before (<) y5e170b
cpe:2.3:o:lenovo:system_x3500_m4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » System X3500 M4 » Version: N/A
Lenovo » System X3530 M4 Firmware
Versions before (<) bee174b
cpe:2.3:o:lenovo:system_x3530_m4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » System X3530 M4 » Version: N/A
Lenovo » System X3550 M4 Firmware
Versions before (<) d7e174b
cpe:2.3:o:lenovo:system_x3550_m4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » System X3550 M4 » Version: N/A
Lenovo » System X3630 M4 Firmware
Versions before (<) bee174b
cpe:2.3:o:lenovo:system_x3630_m4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » System X3630 M4 » Version: N/A
Lenovo » System X3650 M4 Firmware
Versions before (<) vve172b
cpe:2.3:o:lenovo:system_x3650_m4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » System X3650 M4 » Version: N/A
Lenovo » System X3650 M4 Bd Firmware
Versions before (<) vve172b
cpe:2.3:o:lenovo:system_x3650_m4_bd_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » System X3650 M4 Bd » Version: N/A
Lenovo » System X3650 M4 Hd Firmware
Versions before (<) vve172b
cpe:2.3:o:lenovo:system_x3650_m4_hd_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » System X3650 M4 Hd » Version: N/A
Lenovo » Idataplex Dx360 M4 Firmware
Versions before (<) tde168b
cpe:2.3:o:lenovo:idataplex_dx360_m4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Idataplex Dx360 M4 » Version: N/A
Lenovo » Idataplex Dx360 M4 Water Cooled Firmware
Versions before (<) tde168b
cpe:2.3:o:lenovo:idataplex_dx360_m4_water_cooled_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » Idataplex Dx360 M4 Water Cooled » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-8332

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 7 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-8332

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
6.4	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	0.5	5.9	NIST
Attack Vector: Local Attack Complexity: High Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
6.4	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	0.5	5.9	Lenovo Group Ltd.
Attack Vector: Local Attack Complexity: High Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-8332

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
Assigned by:
- nvd@nist.gov (Primary)
- psirt@lenovo.com (Secondary)

References for CVE-2020-8332

https://support.lenovo.com/us/en/product_security/LEN-38625

System Management Mode (SMM) BIOS Vulnerability in some legacy System x servers - Lenovo Support US
Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-8332

Products affected by CVE-2020-8332

Exploit prediction scoring system (EPSS) score for CVE-2020-8332

CVSS scores for CVE-2020-8332

CWE ids for CVE-2020-8332

References for CVE-2020-8332