CVE-2020-8341
https://notcve.org/view.php?id=CVE-2020-8341
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected. En los sistemas Lenovo, SMM BIOS Write Protection es usada para impedir escrituras en la SPI Flash. • https://support.lenovo.com/us/en/product_security/LEN-30042 •
CVE-2019-18618
https://notcve.org/view.php?id=CVE-2019-18618
Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table. Un control de acceso incorrecto en el firmware de los sensores de huellas dactilares de la familia Synaptics VFS75xx que incluye flash externo (todas las versiones anteriores al 15/11/2019) permite a un administrador local o atacante físico comprometer la confidencialidad de los datos del sensor por medio de una inyección de una tabla de partición no verificada • https://support.hp.com/us-en/document/c06696474 https://support.lenovo.com/us/en/product_security/LEN-31372 https://www.synaptics.com/company/blog https://www.synaptics.com/sites/default/files/fingerprint-sensor-VFS7500-security-brief-2020-07-14.pdf •
CVE-2019-18619
https://notcve.org/view.php?id=CVE-2019-18619
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers. Una comprobación incorrecta de parámetros en el componente synaTee de los controladores Synaptics WBF que usan un enclave SGX (todas las versiones anteriores al 15/11/2019) permite a un usuario local ejecutar código arbitrario en el enclave (que puede comprometer la confidencialidad de los datos de enclave) por medio de una API que aceptan punteros no válidos • https://support.hp.com/hk-en/document/c06696568 https://support.lenovo.com/us/en/product_security/LEN-31372 https://www.synaptics.com/company/blog https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software • CWE-763: Release of Invalid Pointer or Reference •
CVE-2020-8336
https://notcve.org/view.php?id=CVE-2020-8336
Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash. Lenovo implementó protecciones de Intel CSME Anti-rollback ARB en algunos modelos ThinkPad para impedir la reversión del Firmware CSME en flash • https://support.lenovo.com/us/en/product_security/LEN-30042 •
CVE-2020-8323
https://notcve.org/view.php?id=CVE-2020-8323
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution. Una potencial vulnerabilidad en la función de devolución de llamada SMI usada en el controlador Legacy SD en algunos modelos Lenovo ThinkPad, ThinkStation y Lenovo Notebook, lo que puede permitir una ejecución de código arbitraria • https://support.lenovo.com/us/en/product_security/LEN-30042 •