CVE-2019-6192

MEDIUM

Lenovo Power Management Driver < 1.67.17.48 - Denial of Service via Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-6192. PoCs published by Nassim Asrir.

AI-analyzed exploit summary This exploit demonstrates a Denial of Service (DoS) vulnerability in Lenovo Power Management Driver (pmdrvs.sys) by sending a malformed IOCTL request with invalid pointers, causing a SYSTEM_SERVICE_EXCEPTION (0x3B) bugcheck due to insufficient input validation.

Description

A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.

Exploits (1)

exploitdb WORKING POC

by Nassim Asrir · cdoswindows

https://www.exploit-db.com/exploits/47771

View Code ZIP pw:eip

This exploit demonstrates a Denial of Service (DoS) vulnerability in Lenovo Power Management Driver (pmdrvs.sys) by sending a malformed IOCTL request with invalid pointers, causing a SYSTEM_SERVICE_EXCEPTION (0x3B) bugcheck due to insufficient input validation.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Lenovo Power Management Driver 1.67.17.48 (pmdrvs.sys)

No auth needed

Prerequisites: Access to a vulnerable Lenovo system with the affected driver installed

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Mitigation, Vendor Advisory x_refsource_misc

https://support.lenovo.com/solutions/LEN-29334

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/155656/Lenovo-Power-Management-Driver-Buffer-Overflow.html

Scores

CVSS v3 4.4

EPSS 0.0210

EPSS Percentile 84.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-120

Status published

Products (1)

lenovo/power_management_driver < 1.67.17.48

Published Dec 10, 2019

Tracked Since Feb 18, 2026