CVE-2019-6190

high-risk

Published 2020-02-14

Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled.

Do I need to act?

0.12% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.0/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Thinkcentre E93 Firmware

Thinkcentre M6500S Firmware

Thinkcentre M6500T Firmware

Thinkcentre M73P Firmware

Thinkcentre M83 Firmware

Thinkcentre M8500S Firmware

Thinkcentre M8500T Firmware

Thinkcentre M93 Firmware

Thinkcentre M93P Firmware

Thinkstation E32 Firmware

Thinkstation P300 Firmware

Thinkstation C30 Refresh Firmware

Thinkstation D30 Refresh Firmware

Thinkstation P410 Firmware

Thinkstation P500 Firmware

Thinkstation P510 Firmware

Thinkstation P700 Firmware

Thinkstation P710 Firmware

Thinkstation P720 Firmware

Thinkstation P900 Firmware

Affected Vendors

Lenovo

References (3)

Vendor Advisory https://support.lenovo.com/us/en/product_security/LEN-28078

Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/176178

Vendor Advisory https://support.lenovo.com/us/en/product_security/LEN-28078

/ 100

high-risk

Severity 17/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 33/34 · Critical