CVE-2020-8333
MEDIUMLenovo Desktop and ThinkStation Firmware - Arbitrary Code Execution via SMI Callback Function
Title source: llmDescription
A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://support.lenovo.com/us/en/product_security/LEN-30042
Scores
CVSS v3
6.4
EPSS
0.0004
EPSS Percentile
11.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (27)
lenovo/63_firmware
< fckt98a
lenovo/h50-30g_firmware
< fckt98a
lenovo/m4500_firmware
< fckt98a
lenovo/m4550_firmware
< fckt98a
lenovo/qitian_4500_firmware
< fckt98a
lenovo/qitian_b4550_firmware
< fckt98a
lenovo/qitian_m4550_firmware
< fckt98a
lenovo/thinkcentre_e73_firmware
< fckt98a
lenovo/thinkcentre_e73s_firmware
< fckt98a
lenovo/thinkcentre_e93_firmware
< fbktdea
... and 17 more
Published
Sep 24, 2020
Tracked Since
Feb 18, 2026