CVE-2019-6170

MEDIUM

Lenovo ThinkPad Firmware - Arbitrary Code Execution via SMI Callback Function

Description

A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.

Scores

CVSS v3: 6.4
EPSS: 0.0007
EPSS Percentile: 22.2%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Status: published
Products (50):
lenovo/130-14ikb_firmware
lenovo/130-15ikb_firmware
lenovo/330-14ikb_firmware
lenovo/330-14ikbr_firmware
lenovo/330-15ich_firmware
lenovo/330-15ikb_firmware
lenovo/330-15ikbr_firmware
lenovo/330-15ikbr_touch_firmware
lenovo/330-17ich_firmware
lenovo/330-17ikb_firmware
... and 40 more
Published: Nov 12, 2019
Tracked Since: Feb 18, 2026