CVE-2019-6170
high-risk
Published 2019-11-12
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.
Do I need to act?
0.07% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 6.4/10 · Medium · LOCAL / HIGH complexity
Affected Products (20)
510-15Ikl Firmware
510S-08Ikl Firmware
Ideacentre 300-20Ish Firmware
Ideacentre 300S-11Ish Firmware
Ideacentre 310S-08Asr Firmware
Ideacentre 310S-08Igm Firmware
Ideacentre 510-15Icb Firmware
Ideacentre 510A-15Icb Firmware
Ideacentre 510S-08Ish Firmware
Ideacentre 700 Firmware
Ideacentre 720-18Apr Firmware
Ideacentre 720-18Icb Firmware
Legion C530-19Icb Firmware
Legion C730-19Ico Firmware
Legion T530-28Apr Firmware
Legion T530-28Apr Reflash Firmware
Legion T530-28Icb Firmware
Legion T530-28Icb Reflash Firmware
Legion T730-28Ico Firmware
Legion Y520T Z370 Firmware
Affected Vendors
References
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-27714
50 / 100 · high-risk
Severity
17/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
33/34 · Critical