6.7
MEDIUM
CVE-2020-8322
Lenovo Legacy USB Driver Code Execution Vulnerability
Description

A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.

INFO

Published Date :

June 9, 2020, 8:15 p.m.

Last Modified :

Nov. 21, 2024, 5:38 a.m.

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

0.8
Affected Products

The following products are affected by CVE-2020-8322 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Lenovo e42-80_firmware
2 Lenovo e52-80_firmware
3 Lenovo miix_720-12ikb_firmware
4 Lenovo s145-14api_firmware
5 Lenovo s145-14ast_firmware
6 Lenovo s145-15api_firmware
7 Lenovo s145-15ast_firmware
8 Lenovo s540-13api_firmware
9 Lenovo v130-15ikb_firmware
10 Lenovo v330-15igm_firmware
11 Lenovo 720s_touch-15ikb_firmware
12 Lenovo 720s-15ikb_firmware
13 Lenovo 730s-13iwl_firmware
14 Lenovo s940-14iwl_firmware
15 Lenovo v110-14ikb_firmware
16 Lenovo v330-15ikb_firmware
17 Lenovo v330-15isk_firmware
18 Lenovo v730-15ikb_firmware
19 Lenovo wei5-15ikb_firmware
20 Lenovo yoga_s730-13iwl_firmware
21 Lenovo yoga_s940-14iwl_firmware
22 Lenovo e53-80_firmware
23 Lenovo v130-15igm_firmware
24 Lenovo 330-14ast_firmware
25 Lenovo 330-15ast_firmware
26 Lenovo 330-17ast_firmware
27 Lenovo 340c-15api_firmware
28 Lenovo 340c-15ast_firmware
29 Lenovo c640-iml_firmware
30 Lenovo k22-80_firmware
31 Lenovo v720-12_firmware
32 Lenovo k32-80_kbl_firmware
33 Lenovo k32-80_skl_firmware
34 Lenovo s750-iil_firmware
35 Lenovo thinkbook_13s-iwl_firmware
36 Lenovo thinkbook_14s-iwl_firmware
37 Lenovo v110-14ast_firmware
38 Lenovo v110-15ast_firmware
39 Lenovo v310-15igm_firmware
40 Lenovo v340-iil_firmware
41 Lenovo v340-iml_firmware
42 Lenovo v540s-13_firmware
43 Lenovo 14iwl_firmware
44 Lenovo v730-13ikb_firmware
45 Lenovo v730-13isk_firmware
46 Lenovo xiaoxin_14-ast_qc_2019_firmware
47 Lenovo xx-14api_qc_2019_firmware
48 Lenovo 6_pro-13-iwl_firmware
49 Lenovo 6_pro-14-iwl_firmware
50 Lenovo k3_firmware
51 Lenovo k4-iwl_firmware
52 Lenovo miix_720-12ikb
53 Lenovo e42-80
54 Lenovo e52-80
55 Lenovo 720s_touch-15ikb
56 Lenovo 720s-15ikb
57 Lenovo e53-80
58 Lenovo v330-15ikb
59 Lenovo v330-15isk
60 Lenovo v730-15ikb
61 Lenovo v330-15igm
62 Lenovo 730s-13iwl
63 Lenovo s940-14iwl
64 Lenovo v110-14ikb
65 Lenovo v130-15ikb
66 Lenovo wei5-15ikb
67 Lenovo yoga_s730-13iwl
68 Lenovo yoga_s940-14iwl
69 Lenovo 330-14ast
70 Lenovo 330-15ast
71 Lenovo 330-17ast
72 Lenovo 340c-15api
73 Lenovo 340c-15ast
74 Lenovo c640-iml
75 Lenovo k22-80
76 Lenovo v720-12
77 Lenovo k32-80_kbl
78 Lenovo k32-80_skl
79 Lenovo s145-14api
80 Lenovo s145-14ast
81 Lenovo s145-15api
82 Lenovo s145-15ast
83 Lenovo s540-13api
84 Lenovo s750-iil
85 Lenovo thinkbook_13s-iwl
86 Lenovo thinkbook_14s-iwl
87 Lenovo v110-14ast
88 Lenovo v110-15ast
89 Lenovo v130-15igm
90 Lenovo v310-15igm
91 Lenovo v340-iil
92 Lenovo v340-iml
93 Lenovo v540s-13
94 Lenovo 14iwl
95 Lenovo v730-13ikb
96 Lenovo v730-13isk
97 Lenovo xiaoxin_14-ast_qc_2019
98 Lenovo xx-14api_qc_2019
99 Lenovo 6_pro-13-iwl
100 Lenovo 6_pro-14-iwl
101 Lenovo k3
102 Lenovo k4-iwl
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2020-8322.

URL Resource
https://support.lenovo.com/us/en/product_security/LEN-30042 Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-30042 Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2020-8322 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2020-8322 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://support.lenovo.com/us/en/product_security/LEN-30042
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Jun. 17, 2020

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:L/AC:L/Au:N/C:P/I:P/A:P)
    Added CVSS V3.1 NIST AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://support.lenovo.com/us/en/product_security/LEN-30042 No Types Assigned https://support.lenovo.com/us/en/product_security/LEN-30042 Vendor Advisory
    Added CWE NIST NVD-CWE-noinfo
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:330-14ast_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:330-14ast:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:330-15ast_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:330-15ast:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:330-17ast_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:330-17ast:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:340c-15api_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:340c-15api:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:340c-15ast_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:340c-15ast:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:720s_touch-15ikb_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:720s_touch-15ikb:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:720s-15ikb_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:720s-15ikb:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:730s-13iwl_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:730s-13iwl:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:c640-iml_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:c640-iml:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:e42-80_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:e42-80:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:e52-80_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:e52-80:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:k22-80_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:k22-80:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:v720-12_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:v720-12:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:k32-80_kbl_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:k32-80_kbl:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:k32-80_skl_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:k32-80_skl:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:miix_720-12ikb_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:miix_720-12ikb:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:s145-14api_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:s145-14api:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:s145-14ast_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:s145-14ast:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:s145-15api_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:s145-15api:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:s145-15ast_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:s145-15ast:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:s540-13api_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:s540-13api:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:s750-iil_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:s750-iil:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:s940-14iwl_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:s940-14iwl:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkbook_13s-iwl_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:thinkbook_13s-iwl:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkbook_14s-iwl_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:thinkbook_14s-iwl:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:v110-14ast_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:v110-14ast:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:v110-14ikb_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:v110-14ikb:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:v110-15ast_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:v110-15ast:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:v130-15igm_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:v130-15igm:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:v130-15ikb_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:v130-15ikb:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:v310-15igm_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:v310-15igm:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:v330-15igm_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:v330-15igm:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:v330-15ikb_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:v330-15ikb:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:v330-15isk_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:v330-15isk:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:v340-iil_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:v340-iil:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:v340-iml_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:v340-iml:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:v540s-13_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:v540s-13:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:14iwl_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:14iwl:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:v730-13ikb_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:v730-13ikb:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:v730-13isk_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:v730-13isk:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:v730-15ikb_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:v730-15ikb:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:wei5-15ikb_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:wei5-15ikb:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:xiaoxin_14-ast_qc_2019_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:xiaoxin_14-ast_qc_2019:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:xx-14api_qc_2019_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:xx-14api_qc_2019:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:yoga_s730-13iwl_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:yoga_s730-13iwl:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:yoga_s940-14iwl_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:yoga_s940-14iwl:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:6_pro-13-iwl_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:6_pro-13-iwl:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:6_pro-14-iwl_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:6_pro-14-iwl:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:e53-80_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:e53-80:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:k3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:k3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:k4-iwl_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:lenovo:k4-iwl:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2020-8322 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2020-8322 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.04 }} 0.00%

score

0.10264

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability