What is CVE-2019-6156?

CVE-2019-6156 is a low-severity vulnerability in Lenovo 330-14igm, classified under Improper Locking. CVSS score: 3.3/10. Published 2019-04-10.

How severe is CVE-2019-6156?

Low severity. CVSS v3 base score is 3.3 out of 10.

Vulnerability in Lenovo 330-14igm

CVE-2019-6156

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that…

EPSS: 0.002 (14.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.3 (Low). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.

Affected products

Lenovo 330-14igm
Lenovo 330-14igm_firmware
Lenovo 330-15igm
Lenovo 330-15igm_firmware
Lenovo 510-15ikl
Lenovo 510-15ikl_firmware
Lenovo 510s-08ikl
Lenovo 510s-08ikl_firmware
Lenovo 530s-07icb
Lenovo 530s-07icb_firmware

Weakness classification (CWE)

CWE-667 — Improper Locking

References

psirt@lenovo.com (Patch, x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2019-6156?: CVE-2019-6156 is a low-severity vulnerability in Lenovo 330-14igm, classified under Improper Locking. CVSS score: 3.3/10. Published 2019-04-10.
How severe is CVE-2019-6156?: Low severity. CVSS v3 base score is 3.3 out of 10.