What is CVE-2019-6170?

CVE-2019-6170 is a medium-severity vulnerability in Lenovo Thinkpad. CVSS score: 6.4/10. Published 2019-11-12.

How severe is CVE-2019-6170?

Medium severity. CVSS v3 base score is 6.4 out of 10.

Vulnerability in Lenovo Thinkpad

CVE-2019-6170

A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.

EPSS: 0.001 (22.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Lenovo Thinkpad — versions Various

References

support.lenovo.com/us/en/product_security/LEN-27714 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2019-6170?: CVE-2019-6170 is a medium-severity vulnerability in Lenovo Thinkpad. CVSS score: 6.4/10. Published 2019-11-12.
How severe is CVE-2019-6170?: Medium severity. CVSS v3 base score is 6.4 out of 10.