CVE-2019-6172
MEDIUM
Lenovo ThinkPad Firmware - Arbitrary Code Execution via SMI Callback Function
Title source: llm
Description
A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN-27714
Scores
CVSS v3
6.4
EPSS
0.0009
EPSS Percentile
25.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (50)
lenovo/130-14ikb_firmware
lenovo/130-15ikb_firmware
lenovo/330-14ikb_firmware
lenovo/330-14ikbr_firmware
lenovo/330-15ich_firmware
lenovo/330-15ikb_firmware
lenovo/330-15ikbr_firmware
lenovo/330-15ikbr_touch_firmware
lenovo/330-17ich_firmware
lenovo/330-17ikb_firmware
... and 40 more
Published
Nov 12, 2019
Tracked Since
Feb 18, 2026