Lenovo ThinkPad BIOS Tamper Detection Flaw
CVE-2020-8335

6.1MEDIUM

Key Information:

Vendor: Lenovo
Status: Thinkpad A285 BiOS; Thinkpad A485 BiOS; Thinkpad T495 BiOS; Thinkpad T495s/x395 BiOS
Vendor: CVE Published:; 1 September 2020

Summary

A vulnerability exists in the BIOS tamper detection mechanism of Lenovo ThinkPad laptops. Specifically, in models including the A285, A485, T495, T495s, and X395, the detection system fails to activate when the emergency-reset button is pressed. This oversight can potentially allow unauthorized access to the system, posing a significant risk to data integrity and device security.

Affected Version(s)

ThinkPad A285 BIOS < unspecified

ThinkPad A485 BIOS < unspecified

ThinkPad T495 BIOS < unspecified

References

https://support.lenovo.com/us/en/product_security/LEN-30042

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 1, 2020
Vulnerability Reserved
Jan 28, 2020

Credit

Lenovo thanks Zoltan Harmath for reporting this issue.