Vulnerability Description
A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | 510-15Ikl Firmware | - |
| Lenovo | 510-15Ikl | - |
| Lenovo | 510S-08Ikl Firmware | - |
| Lenovo | 510S-08Ikl | - |
| Lenovo | Ideacentre 300-20Ish Firmware | - |
| Lenovo | Ideacentre 300-20Ish | - |
| Lenovo | Ideacentre 300S-11Ish Firmware | - |
| Lenovo | Ideacentre 300S-11Ish | - |
| Lenovo | Ideacentre 310S-08Asr Firmware | - |
| Lenovo | Ideacentre 310S-08Asr | - |
| Lenovo | Ideacentre 310S-08Igm Firmware | - |
| Lenovo | Ideacentre 310S-08Igm | - |
| Lenovo | Ideacentre 510-15Icb Firmware | - |
| Lenovo | Ideacentre 510-15Icb | - |
| Lenovo | Ideacentre 510A-15Icb Firmware | - |
| Lenovo | Ideacentre 510A-15Icb | - |
| Lenovo | Ideacentre 510S-08Ish Firmware | - |
| Lenovo | Ideacentre 510S-08Ish | - |
| Lenovo | Ideacentre 700 Firmware | - |
| Lenovo | Ideacentre 700 | - |
References
- https://support.lenovo.com/us/en/product_security/LEN-27714Vendor Advisory
- https://support.lenovo.com/us/en/product_security/LEN-27714Vendor Advisory
FAQ
What is CVE-2019-6172?
CVE-2019-6172 is a vulnerability with a CVSS score of 6.4 (MEDIUM). A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution.
How severe is CVE-2019-6172?
CVE-2019-6172 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-6172?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo 510-15Ikl Firmware, Lenovo 510-15Ikl, Lenovo 510S-08Ikl Firmware, Lenovo 510S-08Ikl, Lenovo Ideacentre 300-20Ish Firmware.