CVE-2020-8323
MEDIUMLenovo ThinkPad, ThinkStation, and Notebook Firmware - Arbitrary Code Execution via Legacy SD Driver SMI Callback
Title source: llmDescription
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.lenovo.com/us/en/product_security/LEN-30042
Scores
CVSS v3
6.4
EPSS
0.0005
EPSS Percentile
15.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (50)
lenovo/14iwl_firmware
lenovo/330-14ast_firmware
lenovo/330-15ast_firmware
lenovo/330-17ast_firmware
lenovo/340c-15api_firmware
lenovo/340c-15ast_firmware
lenovo/6_pro-13-iwl_firmware
lenovo/6_pro-14-iwl_firmware
lenovo/720s-15ikb_firmware
lenovo/720s_touch-15ikb_firmware
... and 40 more
Published
Jun 09, 2020
Tracked Since
Feb 18, 2026