CVE-2019-6170

MEDIUM | CVSS 6.4/10 | EPSS 0.35%

CVE-2019-6170 is a medium-severity vulnerability rated 6.4/10 on the CVSS scale. A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution. EPSS estimates a 0.35% chance of exploitation in the next 30 days.

Description

A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.

Metrics

CVSS 3.1: 6.4/10
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability: 0.35% (26.9th percentile)
Probability of exploitation in the next 30 days.

Affected Software

| Vendor | Product | Versions |
|---|---|---|
| Lenovo | 510-15ikl Firmware | All versions |
| Lenovo | 510s-08ikl Firmware | All versions |
| Lenovo | Ideacentre 300-20ish Firmware | All versions |
| Lenovo | Ideacentre 300s-11ish Firmware | All versions |
| Lenovo | Ideacentre 310s-08asr Firmware | All versions |
| Lenovo | Ideacentre 310s-08igm Firmware | All versions |
| Lenovo | Ideacentre 510-15icb Firmware | All versions |
| Lenovo | Ideacentre 510a-15icb Firmware | All versions |
| Lenovo | Ideacentre 510s-08ish Firmware | All versions |
| Lenovo | Ideacentre 700 Firmware | All versions |
| Lenovo | Ideacentre 720-18apr Firmware | All versions |
| Lenovo | Ideacentre 720-18icb Firmware | All versions |
| Lenovo | Legion C530-19icb Firmware | All versions |
| Lenovo | Legion C730-19ico Firmware | All versions |
| Lenovo | Legion T530-28apr Firmware | All versions |
| Lenovo | Legion T530-28apr Reflash Firmware | All versions |
| Lenovo | Legion T530-28icb Firmware | All versions |
| Lenovo | Legion T530-28icb Reflash Firmware | All versions |
| Lenovo | Legion T730-28ico Firmware | All versions |
| Lenovo | Legion Y520t Z370 Firmware | All versions |
| Lenovo | 63 Firmware | All versions |
| Lenovo | H50-30g Desktop Firmware | All versions |
| Lenovo | M4500 Firmware | All versions |
| Lenovo | M4500 Id Firmware | All versions |
| Lenovo | M4550 Id Firmware | All versions |
| Lenovo | V330-15igm Firmware | All versions |
| Lenovo | V530s-07icb Firmware | All versions |
| Lenovo | Qitian 4500 Firmware | All versions |
| Lenovo | Qitian B4550 Firmware | All versions |
| Lenovo | Qitian B4650 Firmware | All versions |
| Lenovo | Qitian B5900 Firmware | All versions |
| Lenovo | Qitian M4550 Firmware | All versions |
| Lenovo | Qitian M4600 Firmware | All versions |
| Lenovo | Qitian M4650 Firmware | All versions |
| Lenovo | Qt M410 Firmware | All versions |
| Lenovo | Qt B415 Firmware | All versions |
| Lenovo | Qt M415 Firmware | All versions |
| Lenovo | Thinkcentre E73 Firmware | All versions |
| Lenovo | Thinkcentre E73s Firmware | All versions |
| Lenovo | Thinkcentre E74 Firmware | All versions |
| Lenovo | Thinkcentre E74s Firmware | All versions |
| Lenovo | Thinkcentre E75t Firmware | All versions |
| Lenovo | Thinkcentre E75s Firmware | All versions |
| Lenovo | Thinkcentre E93 Firmware | All versions |
| Lenovo | Thinkcentre M4500k Firmware | All versions |
| Lenovo | Thinkcentre M4500q Firmware | All versions |
| Lenovo | Thinkcentre M4500t Firmware | All versions |
| Lenovo | Thinkcentre M4500s Firmware | All versions |
| Lenovo | Thinkcentre M4600t Firmware | All versions |
| Lenovo | Thinkcentre M4600s Firmware | All versions |

Showing 50 of 392 affected configurations. See NVD for the full list.

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2019-6170?
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.
How severe is CVE-2019-6170?
CVE-2019-6170 has a CVSS score of 6.4/10 (MEDIUM severity). The EPSS model estimates a 0.35% probability of exploitation in the next 30 days.
How do I fix CVE-2019-6170?
Check the vendor references and advisories for patched versions and mitigation guidance.

Source: NVD / NIST