A vulnerability in Lenovo ThinkPad BIOS versions allows unauthorized access when the emergency-reset button is pressed.
Understanding CVE-2020-8335
This CVE involves a BIOS tamper detection issue in various Lenovo ThinkPad models, potentially leading to unauthorized access.
What is CVE-2020-8335?
The vulnerability in Lenovo ThinkPad BIOS versions up to specific releases allows unauthorized access when the emergency-reset button is activated.
The Impact of CVE-2020-8335
The vulnerability poses a medium-severity risk with a CVSS base score of 6.1. It has a high impact on availability and integrity, with no impact on confidentiality.
Technical Details of CVE-2020-8335
This section provides detailed technical information about the vulnerability.
Vulnerability Description
In affected BIOS versions for the Lenovo ThinkPad A285, A485, T495, and T495s/X395, the BIOS tamper detection mechanism fails to trigger when the emergency-reset button is pressed, potentially allowing unauthorized access.
Affected Systems and Versions
Exploitation Mechanism
Unauthorized access can occur when the emergency-reset button is pressed in affected BIOS versions, bypassing the tamper detection mechanism.
Mitigation and Prevention
Protect your system from CVE-2020-8335 with the following steps:
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Check for BIOS updates regularly and apply them to mitigate the vulnerability.