Vulnerability CVE-2019-6156


Published: 2019-04-10

Description:
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.

Type:

CWE-254

(Security Features)

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Lenovo -> Thinkcentre m83z (aio) firmware 
Lenovo -> Thinkstation p700 firmware 
Lenovo -> Yangtian mf/wf h81 pci firmware 
Lenovo -> 510-15ikl firmware 
Lenovo -> Legion y920 tower firmware 
Lenovo -> Thinkcenter m800z firmware 
Lenovo -> Thinkcentre m700t firmware 
Lenovo -> Thinkcentre m900z firmware 
Lenovo -> Thinkstation p710 firmware 
Lenovo -> Yangtian ms/ws h81 firmware 
Lenovo -> 510s-08ikl firmware 
Lenovo -> Lenovo 63 firmware 
Lenovo -> Thinkcentre e73 (sff) firmware 
Lenovo -> Thinkcentre m700z firmware 
Lenovo -> Thinkcentre m910z firmware 
Lenovo -> Thinkstation p720 firmware 
Lenovo -> Yangtian tc/wc h110 pci firmware 
Lenovo -> 530s-07icb firmware 
Lenovo -> M4500 firmware 
Lenovo -> Thinkcentre e73 (twr) firmware 
Lenovo -> Thinkcentre m710e firmware 
Lenovo -> Thinkcentre m920z firmware 
Lenovo -> Thinkstation p900 firmware 
Lenovo -> Yangtian tc/wcc h81 pci firmware 
Lenovo -> Aio520-22ikl firmware 
Lenovo -> M4500 id firmware 
Lenovo -> Thinkcentre e73s firmware 
Lenovo -> Thinkcentre m710s firmware 
Lenovo -> Thinkcentre m9500z firmware 
Lenovo -> Thinkstation p910 firmware 
Lenovo -> Yangtian ytm6900e-00 firmware 
Lenovo -> Aio520-22iku firmware 
Lenovo -> M4550 id firmware 
Lenovo -> Thinkcentre e74 firmware 
Lenovo -> Thinkcentre m710t firmware 
Lenovo -> Thinkcentre m9550z firmware 
Lenovo -> Thinkstation p920 firmware 
Lenovo -> Aio520-24ikl firmware 
Lenovo -> Qitian 4500 firmware 
Lenovo -> Thinkcentre e74s firmware 
Lenovo -> Thinkcentre m720t firmware 
Lenovo -> Thinkcentre s510 firmware 
Lenovo -> Thinkstation s30 refresh firmware 
Lenovo -> Aio520-24iku firmware 
Lenovo -> Qitian b4550 firmware 
Lenovo -> Thinkcentre e74z firmware 
Lenovo -> Thinkcentre m7300z firmware 
Lenovo -> Thinkcentre x1 aio firmware 
Lenovo -> V520s-08ikl firmware 
Lenovo -> Aio520-27ikl firmware 
Lenovo -> Qitian b4650 firmware 
Lenovo -> Thinkcentre e75s firmware 
Lenovo -> Thinkcentre m73 (sff) firmware 
Lenovo -> Thinkstation c30 refresh firmware 
Lenovo -> V520t-15ikl firmware 
Lenovo -> Aio y910-27ish firmware 
Lenovo -> Qitian m4550 firmware 
Lenovo -> Thinkcentre e75t firmware 
Lenovo -> Thinkcentre m73 (twr) firmware 
Lenovo -> Thinkstation d30 refresh firmware 
Lenovo -> Yangtian afh110 firmware 
Lenovo -> H50-30g desktop firmware 
Lenovo -> Qitian m4600 firmware 
Lenovo -> Thinkcentre m4500k firmware 
Lenovo -> Thinkcentre m73 tiny firmware 
Lenovo -> Thinkstation p310 firmware 
Lenovo -> Yangtian afh81 firmware 
Lenovo -> Ideacentre 300-20ish firmware 
Lenovo -> Qitian m4650 firmware 
Lenovo -> Thinkcentre m4500q firmware 
Lenovo -> Thinkcentre m800z firmware 
Lenovo -> Thinkstation p410 firmware 
Lenovo -> Yangtian mc h110 firmware 
Lenovo -> Ideacentre 300s-11ish firmware 
Lenovo -> Qt a7400 firmware 
Lenovo -> Thinkcentre m4500s firmware 
Lenovo -> Thinkcentre m810z firmware 
Lenovo -> Thinkstation p500 firmware 
Lenovo -> Yangtian mc h110 pci firmware 
Lenovo -> Ideacentre 510s-08ish firmware 
Lenovo -> Qt b415 firmware 
Lenovo -> Thinkcentre m4500t firmware 
Lenovo -> Thinkcentre m818z firmware 
Lenovo -> Thinkcentre m820z firmware 
Lenovo -> Thinkstation p510 firmware 
Lenovo -> Yangtian mc h81 firmware 
Lenovo -> Ideacentre 620s-03ikl firmware 
Lenovo -> Qt m410 firmware 
Lenovo -> Thinkcentre m4600s firmware 
Lenovo -> Thinkcentre m8300z firmware 
Lenovo -> Thinkstation p520 firmware 
Lenovo -> Yangtian me/we h110 firmware 
Lenovo -> Legion y520t z370 firmware 
Lenovo -> Qt m415 firmware 
Lenovo -> Thinkcentre m4600t firmware 
Lenovo -> Thinkcentre m8350z firmware 
Lenovo -> Thinkstation p520c firmware 
Lenovo -> Yangtian mf/wf h110 pci firmware 
Lenovo -> Legion y720 tower firmware 
Lenovo -> Thinkcenter m700z firmware 

 References:
https://support.lenovo.com/solutions/LEN-26332

Copyright 2020, cxsecurity.com

 

Back to Top