CVE-2020-8332
MEDIUM
Lenovo BladeCenter HS23 - Arbitrary Code Execution via SMI Callback Race Condition in BIOS USB Driver
Title source: llm
Description
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.
References (1)
Core References
Vendor Advisory x_refsource_misc
https://support.lenovo.com/us/en/product_security/LEN-38625
Scores
CVSS v3: 6.4
EPSS: 0.0003
EPSS Percentile: 10.5%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-367
Status: published
Products (18)
lenovo/bladecenter_hs23_firmware < tke170b
lenovo/bladecenter_hs23e_firmware < ahe172b
lenovo/compute_node-x440_firmware < cge128a
lenovo/flex_system_x220_firmware < kse170b
lenovo/flex_system_x240_firmware < b2e172b
lenovo/flex_system_x440_firmware < cne172b
lenovo/idataplex_dx360_m4_firmware < tde168b
lenovo/idataplex_dx360_m4_water_cooled_firmware < tde168b
lenovo/nextscale_nx360_m4_firmware < fhe132b
lenovo/system_x3300_m4_firmware < yae166b
... and 8 more
Published: Oct 14, 2020
Tracked Since: Feb 18, 2026