Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.
How to fix
Remediation Available
thinkpad e14 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad e15 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad e490 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad e490s firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad e590 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad l13 1st gen firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad l1415 gen 1 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad l390 yoga firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad l490 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad l590 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad p1 \(20mx\) firmwareNVD
Affected:< n2eet47wFixed in:n2eet47wCVE-2020-8336derived from NVD
thinkpad p1 \(20qx\) firmwareNVD
Affected:< n2oet44wFixed in:n2oet44wCVE-2020-8336derived from NVD
thinkpad p43s \(20rx\) firmwareNVD
Affected:< n2iet88wFixed in:n2iet88wCVE-2020-8336derived from NVD
thinkpad p52 \(20mx\) firmwareNVD
Affected:< n2cet51w-1.34Fixed in:n2cet51w-1.34CVE-2020-8336derived from NVD
thinkpad p53 \(20qx\) firmwareNVD
Affected:< n2net37wFixed in:n2net37wCVE-2020-8336derived from NVD
thinkpad p53s \(20nx\) firmwareNVD
Affected:< n2iet88wFixed in:n2iet88wCVE-2020-8336derived from NVD
thinkpad p72 \(20mx\) firmwareNVD
Affected:< n2cet51wFixed in:n2cet51wCVE-2020-8336derived from NVD
thinkpad p73 \(20qx\) firmwareNVD
Affected:< n2net37wFixed in:n2net37wCVE-2020-8336derived from NVD
thinkpad r14 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad r490 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad r590 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad s2 yoga 4th gen firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad s3 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad s3 gen 2 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad t490 \(20nx\) firmwareNVD
Affected:< n2iet88wFixed in:n2iet88wCVE-2020-8336derived from NVD
thinkpad t490 \(20qx\) firmwareNVD
Affected:< n2iet88wFixed in:n2iet88wCVE-2020-8336derived from NVD
thinkpad t490 \(20rx\) firmwareNVD
Affected:< n2iet88wFixed in:n2iet88wCVE-2020-8336derived from NVD
thinkpad t490s \(20nx\) firmwareNVD
Affected:< n2jet87wFixed in:n2jet87wCVE-2020-8336derived from NVD
thinkpad t590 \(20nx\) firmwareNVD
Affected:< n2iet88wFixed in:n2iet88wCVE-2020-8336derived from NVD
thinkpad x1 carbon \(20qx\) firmwareNVD
Affected:< n2het47wFixed in:n2het47wCVE-2020-8336derived from NVD
thinkpad x1 carbon \(20rx\) firmwareNVD
Affected:< n2het47wFixed in:n2het47wCVE-2020-8336derived from NVD
thinkpad x1 extreme \(20mx\) firmwareNVD
Affected:< n2eet47wFixed in:n2eet47wCVE-2020-8336derived from NVD
thinkpad x1 extreme \(20qx\) firmwareNVD
Affected:< n2oet44wFixed in:n2oet44wCVE-2020-8336derived from NVD
thinkpad x1 yoga \(20qx\) firmwareNVD
Affected:< n2het47wFixed in:n2het47wCVE-2020-8336derived from NVD
thinkpad x1 yoga \(20sx\) firmwareNVD
Affected:< n2het47wFixed in:n2het47wCVE-2020-8336derived from NVD
thinkpad x390 \(20qx\) firmwareNVD
Affected:< n2jet87wFixed in:n2jet87wCVE-2020-8336derived from NVD
thinkpad x390 \(20sx\) firmwareNVD
Affected:< n2set18wFixed in:n2set18wCVE-2020-8336derived from NVD
thinkpad x390 yoga firmwareNVD
Affected:< n2let74wFixed in:n2let74wCVE-2020-8336derived from NVD
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
CVSS v3 Vector
Exploitability
Attack VectorPhysical
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit Intelligence
0.29%probability of exploitation in 30 days
20thpercentile
Low risk: more likely to be exploited than 20% of all known CVEs.
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.