CVE-2019-6172
high-risk
Published 2019-11-12
A potential vulnerability in the SMI callback function used in the Legacy USB driver, which uses a passed parameter without sufficient checking, may allow arbitrary code execution in some Lenovo ThinkPad models.
Do I need to act?
0.09% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 6.4/10 · Medium
LOCAL / HIGH complexity
Affected Products (20)
510-15Ikl Firmware
510S-08Ikl Firmware
Ideacentre 300-20Ish Firmware
Ideacentre 300S-11Ish Firmware
Ideacentre 310S-08Asr Firmware
Ideacentre 310S-08Igm Firmware
Ideacentre 510-15Icb Firmware
Ideacentre 510A-15Icb Firmware
Ideacentre 510S-08Ish Firmware
Ideacentre 700 Firmware
Ideacentre 720-18Apr Firmware
Ideacentre 720-18Icb Firmware
Legion C530-19Icb Firmware
Legion C730-19Ico Firmware
Legion T530-28Apr Firmware
Legion T530-28Apr Reflash Firmware
Legion T530-28Icb Firmware
Legion T530-28Icb Reflash Firmware
Legion T730-28Ico Firmware
Legion Y520T Z370 Firmware
Affected Vendors
References
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-27714
50 / 100
high-risk
Severity
17/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
33/34 · Critical