Support

Lenovo System Update Vulnerability

Lenovo System Update Vulnerability

RSS

Lenovo System Update Vulnerability

Lenovo Security Advisory: LEN-42150

Potential Impact: Privilege escalation

Severity: High

Scope of Impact: Lenovo-specific

CVE Identifier: CVE-2020-8342

Summary Description:

A race condition vulnerability was reported in Lenovo System Update that could allow escalation of privilege.

Mitigation Strategy for Customers (what you should do to protect yourself):

Upgrade to the Lenovo System Update version 5.07.0106 (or newer).

Acknowledgement:

Lenovo thanks Security Advisor, Anders Kusk, Improsec ApS for reporting this issue.

Revision History:

Revision Date Description
1 2020-09-08 Initial release

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

Alias Id:LEN-42150
Document ID:PS500347
Original Publish Date:09/06/2020
Last Modified Date:09/08/2020
X

Lenovo uses cookies to improve your experience.

Visit our Cookie Consent Tool to manage your preferences, or our Privacy Policy for more information.

Back to Previous Page
X
lenovo

Information We Collect About You

We want to be transparent about the data we and our partners collect and how we use it, so you can best exercise control over your personal data. For more information, please see our Privacy Policy.

Our cookie consent tool offers you greater visibility and control over how your preferences are stored on the site. However, some third party cookies have been temporarily classified as essential, meaning some cookies will drop that are not actually necessary for the functioning of the site. We are working to fix the issue, but you can still block essential cookies through your browser tools.

Information Our Partners Collect

We use the following partners to better improve your overall web browsing experience. They use cookies and other mechanisms to connect you with your social networks and tailor advertising to better match your interests. You can elect to opt-out of this information collection by unticking the boxes below.

Categories
1 of 1 allowed
Essential Required

We rely on cookies, javascript, and other web technologies to serve key—or essential—elements on the site. This may include things like your language preferences or server-based cookies intended to keep our site running and operational. If disabled, your site experience will likely be impacted.

Analytics

We use analytics to improve our website by better understanding how often users visit the site, what pages they visit most, and how long they spend on our site. We'll rely on cookies and third-party partners to track these actions and behaviors. Click on one of the partner names to learn more.

Vendors
Name Required

Website:

In Their Own Words

What data does this company collect?

Data Collected

Anonymous:

Pseudonymous:

PII:

Sensitive:

Data Sharing

Data Retention

Data Use

Data Storage

Adobe