What is CVE-2019-6172?

CVE-2019-6172 is a medium-severity vulnerability in Lenovo Thinkpad. CVSS score: 6.4/10. Published 2019-11-12.

How severe is CVE-2019-6172?

Medium severity. CVSS v3 base score is 6.4 out of 10.

Vulnerability in Lenovo Thinkpad

CVE-2019-6172

A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution.

EPSS: 0.001 (26.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Lenovo Thinkpad — versions Various

References

support.lenovo.com/us/en/product_security/LEN-27714 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2019-6172?: CVE-2019-6172 is a medium-severity vulnerability in Lenovo Thinkpad. CVSS score: 6.4/10. Published 2019-11-12.
How severe is CVE-2019-6172?: Medium severity. CVSS v3 base score is 6.4 out of 10.