CVE-2019-6156

LOW

Lenovo 510-15IKL and other Ideacentre/Legion Firmware - Improper Locking in SPI Protected Range Registers

Title source: llm

Description

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://support.lenovo.com/solutions/LEN-26332

Scores

CVSS v3 3.3

EPSS 0.0004

EPSS Percentile 13.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-667

Status published

Products (50)

lenovo/330-14igm_firmware < 7xcn30ww

lenovo/330-15igm_firmware < 7xcn30ww

lenovo/510-15ikl_firmware

lenovo/510s-08ikl_firmware

lenovo/530s-07icb_firmware

lenovo/aio300-23isu\(c5130\)_firmware < o1lkt46a

lenovo/aio520-22ikl_firmware

lenovo/aio520-22iku_firmware

lenovo/aio520-24ikl_firmware

lenovo/aio520-24iku_firmware

... and 40 more

Published Apr 10, 2019

Tracked Since Feb 18, 2026