CVE-2020-8337

Description

An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.

Remediation

Solution:

  • Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version.

Category

6.7
CVSS
Severity: Medium
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.05%
Vendor Advisory lenovo.com Vendor Advisory synaptics.com
Affected: Lenovo Synaptics Smart Audio UWP App
Published at:
Updated at:

References

Link Tags
https://support.lenovo.com/us/en/product_security/len-30707 vendor advisory
https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf vendor advisory

Frequently Asked Questions

What is the severity of CVE-2020-8337?
CVE-2020-8337 has been scored as a medium severity vulnerability.
How to fix CVE-2020-8337?
To fix CVE-2020-8337: Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version.
Is CVE-2020-8337 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2020-8337 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-8337?
CVE-2020-8337 affects Lenovo Synaptics Smart Audio UWP App.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.